We are starting a new year, and with it new digital threats are emerging and chasing users around the world. Experts predict further covid-19 vaccination scams, abuse of vulnerable home office, corporate VPN and vendor infrastructures, and ransomware attacks.
Users should also be on the lookout for deepfake disinformation campaigns and other malicious AI-generated actions that will gain more traction. Specifically for Android, adware attacks, fleeceware scams and use of stalkerware are expected.
Given these predictions, how to circumvent such threats?
Covid-19 related scams
We must be aware of scams, specifically those related to vaccination. If offers of immunizations appear circulating on the internet, it is important to be aware that a particular sale may probably be too good to be true, since vaccines should only be distributed by official sources for a long time. In order not to fall for fraud, people should only rely on doctors and local health officials to obtain information against covid-19.
Home Office Security
Even under normal circumstances, the home office brings organizations unique security challenges. Employees may be handling sensitive information and are likely to access the corporate network from different locations using different devices. An attack on a corporate network can be disastrous for businesses, so companies must protect it with a comprehensive security solution.
Online scams that emerged during the covid-19 crisis will continue to exist
For this reason, companies and their employees must remain extremely vigilant, in order to protect themselves against security threats, avoiding falling into phishing scams by regularly checking for possible malware on computers using an advanced corporate antivirus program.
When it comes to ransomware attacks, prevention is the best policy, and the best way to do that is to avoid infection. When protecting against ransomware attacks, you don’t have to worry about the consequences of a “data hijacking”.
Whoever practices smart habits when surfing the internet and uses a reliable ransomware prevention tool is a much harder target for cyber attacks, but if the device is infected it is important to have an updated backup of the most relevant documents, in order for the ransomware threat be harmless. If the device allows you to define an automatic backup schedule, this must be done as well.
Deepfakes are fake videos or audio recordings that look and sound real. Although it is a new and complex trend, there are several techniques for detecting it. One way is to carefully analyze facial expressions and gestures and notice how they are unique to each individual. This is called smooth biometrics, which means that it is not an exact science.
Predictability increases for celebrities filmed frequently, of which there is a large collection of images and videos that can be used to compare these visual “tics”. For example, trying to say a few words without closing your mouth to see if they can be pronounced or if it is a fake edition made by artificial intelligence.
Adware is a type of malicious software that bombards users with incessant pop-ups. In addition to being annoying, it can collect sensitive information, track visited websites and even record everything that is typed. As with all types of malware, prevention is easier than removal.
There are several steps that can be taken to prevent the spread of adware. One of them is to use a reliable ad blocker, which prevents the display of advertisements while browsing the web, which can eliminate possibilities for unauthorized downloads from infected websites.
Any ad that offers a free iPhone or anything incredibly cool is probably a scam
You should not click on advertisements that look too good to be true. Any ad that offers a free iPhone or anything incredibly cool is probably a scam. In addition to ignoring false warnings, large pop-ups with many exclamation points warning about a virus are almost certainly fake.
Another step is to avoid suspicious or unknown websites, especially when shopping online, no matter how low the prices are. Finally, the browser’s privacy settings must be adjusted. Depending on the browser, you may be able to prevent third parties from installing things like toolbars without consent.
As a bonus tip, it is important to use a reliable antivirus and to know that, even if you follow all these practices, some malware can find a way to reach you, so a protection program is the best line of defense to keep out any software malicious.
Fleeceware is a relatively new category of cyber crime that offers users an attractive service, such as a mobile device application with a free trial usually for a short period. After that, it starts to charge automatically and subtly.
How to identify them? Fleeceware apps can be in any category. Their reviews tend to seem false, as many users leave “enthusiastic” opinions while real reviews reveal that the program does not actually work or, unbeknownst to them, charges large amounts of money from users.
Stalkerware is a rising domestic malware with dangerous and sinister implications. While software spies and scammers seek to steal people’s sensitive data, stalkerware steals the victim’s privacy.
Installed secretly on cell phones by “friends”, jealous spouses, ex-partners and sometimes parents concerned about their children’s safety, stalkerware tracks the victim’s physical location, monitors visited websites, text messages and phone calls.
There are certain steps that can be taken to avoid stalkerware
The first step in preventing stalkerware is to protect your phone from unauthorized physical access. According to Pew Research, a quarter of smartphone users do not have a screen saver system and just over half do not use fingerprints or PIN codes to keep devices locked.
This makes it easier for a suspect to secretly install stalkerware. An unlocked phone should not be lent to anyone unless there is complete confidence in the person’s intentions. Installing stalkerware can take less than 1 minute on a mobile device.
The second step is to install a good conventional antivirus on your smartphone, which will treat stalkerware as a potentially unwanted program (PUPs) and give you the option to remove it.
Do not hesitate to contact organizations that fight domestic abuse or even the police
If you are in an abusive relationship, understand that you are at greater risk of being harassed. An innocent visit to a friend or relative can be detected and trigger physical abuse.
Just uninstalling the stalkerware can alert the abusive partner. If you’re at this stage and need support quickly, dial 180 and talk to the attendants to know what to do and how to do it safely.
You can also get in touch with organizations like Operation Safe Escape, which offer support and education to victims of domestic violence and abuse, in addition to helping with physical and digital security issues.
If your device may have been compromised by stalkerware, avoid using it to contact your support organization or technical support. Use an anonymous device, such as a public institution’s computer or a friend’s phone, to avoid alerts or possible attacks.
Luis Corrons, biweekly columnist of TecMundo, is a senior research associate at Avast. Always attentive to the latest cybersecurity, malware and darknet news, he is a veteran and speaker in the security industry. He is also a reporter for WildList, chairman of the Board of Directors of the Anti-Malware Testing Standards Organization (AMTSO) and a member of the board of directors of Malicious URLs Tracking and Exchange (MUTE).