Every week, we hear of new threats to computer security: Cryptolocker, Heartbleed, Zeus. With so many different names and kinds of threats, it can be daunting to keep track of all the different ways that a computer can be compromised. OpenDNS and our Umbrella Roaming Client are powerful security tools, but the best weapon in the fight against cybercrime is battlefield knowledge.
Some might call the comparison of malicious activity to warfare a little hyperbolic. Not long ago, bugs and viruses were the realm of bucktoothed hackers looking to annoy people or companies, and those hackers weren’t treated as anything more than irritating teenagers with an internet connection, a computer, and some time to kill. But times have changed, and malicious activity on the net isn’t a joke anymore, but a business. According to McAfee, malicious activity annually costs the world about $375 billion, at a conservative estimate. The FBI tells us that 18 computers get infected every second. OpenDNS’ security solutions help prevent malware and phishing attacks from affecting your computers, but knowing about the different threats is key.
Malware refers to any piece of malicious software, programs that are designed to impede or disrupt a computer’s standard operations. Previously, this was used mainly to refer to viruses, but as malware becomes more of an industry than a hobby, we see new variants emerging—including keyloggers, ransomware, and RATs. These threats vary in terms of what they do and the kind of damage they inflict, so I’ll go over them one by one.
Keyloggers are programs that run invisibly on your computer in the background. While running, keyloggers record all of your computer’s keystrokes and send them to the attacker. Though the attacker may get your benign search terms (I’ve searched for “cats” more times than I’d care to admit), they’ll also get your passwords and email addresses if you type them in. Because the keylogger is on your computer, those keystrokes are unencrypted and totally exposed to the program. Keyloggers can just as easily record your PIN or credit card information when using online shopping services or banking.
Whereas keyloggers hide in the background, ransomware is anything but subtle. These programs take your computer files, such as the photos from your last vacation, tax records for your business, or your favorite songs from this really rare album you have, and encrypt them, so that you cannot open them until a fee (the “ransom”) is paid. Some even offer technical support in helping you pay them. One famous example of this software is Cryptolocker, which earned its operators $30 million in 100 days.
Rounding out the list, RATs are what a lot of people think of when they imagine cybercrime. An acronym standing for Remote Access Trojan, these programs give the attacker root access to a computer, letting them remotely control all of the computer’s functions. They can move your cursor, see what windows you’re currently looking at, and much, much more. Having full access to your computer means they can do anything and everything they want with it.
Whereas malware is designed more to take advantage of your computer and its weaknesses, phishing attacks are designed to take advantage of you. A play on fishing, this sort of malicious behavior is meant to trick you into revealing sensitive or valuable information, such as your passwords, bank account number, SSN, or any other information you want to keep secret. One of the major differences between phishing and malware is that very few phishing attacks require you to download anything.
Nigerian Scamming Emails, alternatively called “419 attacks” (from the Nigerian Criminal Code about fraud) or “Nigerian Prince Emails”, are famous examples of phishing attacks. In these emails, the senders claim that they have a large amount of money held in trust because a wealthy relative died, and that they need a little bit more money to gain access to the larger sum. Perhaps they can’t afford the trip to the bank in the capital to claim it, or they may need to pay a “service fee” to the bank. However, this bank and the larger sum don’t actually exist. That doesn’t stop people from believing that if they wire some money to the sender, they’ll receive a payout at the end.
Similarly, there are many messages purporting to be from banks or email services like Google. In them, the sender warns that the victim’s account is in jeopardy. Maybe the account is about to be deleted, or maybe it has been compromised. In any case, the sender has to “authenticate” that the victim is legitimate, and so requests the victim’s account information, including any passwords and mailing addresses. Email phishing attacks are very common because email is cheap, fast, and easily spoofable; it’s trivial to claim a sending email address as “accounts@bankofamerica.com” or “customerservice@google.com” but receive the message elsewhere.
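The mismatch described above, a claimed sending address whose replies go somewhere else, can be checked from a message's headers. The following is an added example, not code from the original post; the function names, the sample messages and the `mailbox.example` domain are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ADDR_IN_TEXT = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def domain_of(header_value):
    """Lowercased domain of the address in a header value, or None."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else None

def spoofing_signals(raw_message):
    """Return reasons the claimed sender disagrees with the other headers."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    if from_dom is None:
        return ["From header has no parseable address"]
    signals = []
    # Replies or bounces routed to a different domain than the one claimed.
    for header in ("Reply-To", "Return-Path"):
        other = domain_of(msg.get(header))
        if other and other != from_dom:
            signals.append(f"{header} domain {other} differs from From domain {from_dom}")
    # A display name that itself looks like an address at another domain.
    shown = ADDR_IN_TEXT.search(display)
    if shown and shown.group(1).lower() != from_dom:
        signals.append(f"display name shows {shown.group(1).lower()} but address is at {from_dom}")
    return signals

# Constructed sample messages (not real mail); *.example domains are placeholders.
SPOOFED = """\
From: Bank of America <accounts@bankofamerica.com>
Reply-To: verify@mailbox.example
Return-Path: <bounce@mailbox.example>
Subject: Your account is in jeopardy

Please authenticate your account.
"""
CLEAN = """\
From: Bank of America <accounts@bankofamerica.com>
Return-Path: <accounts@bankofamerica.com>
Subject: Monthly statement

Your statement is ready.
"""
DISPLAY = 'From: "customerservice@google.com" <support@mailbox.example>\nSubject: Verify\n\nHi\n'

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("clean", CLEAN), ("display", DISPLAY)):
        print(name, spoofing_signals(raw))
```

Legitimate bulk mail often uses a different Return-Path domain for bounce handling, so treat these results as triage signals to weigh alongside SPF, DKIM and DMARC results.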
To learn more about phishing, check out the talk “Teach a man to phish” from fellow OpenDNSer Vinny Lariza, who recently presented at BsidesLV.
Learning about the different threats on the web is the best weapon in any person’s arsenal, but knowledge alone isn’t enough. Even the most careful people on the web still fall prey to attacks, which is why OpenDNS is here to help defend computers and their users.