Malware is an umbrella term to define any piece of software whose intent is to do harm to your computer or phone. Most all cyber threats floating around the internet today are considered malware. Viruses, adware, spyware, rootkits, cryptojacking and ransomware are all examples of types of Malware.
Cyber criminals would use Malware for: Data loss (deleting your personal files), Data theft (stealing financial information, proprietary designs, business plans, etc..), Data corruption (purposely destroying your files to wreak havoc), Cryptomining (using your computer without you knowing to make hackers money), eavesdropping on your network traffic (scanning your internet usage to know what websites you visit and gain access to your website accounts like banking) and holding your data hostage for money. These are just a few examples of the most common, but all depends on how crafty the cyber criminal is.
In 2018, the US Department of Justice indicted nine Iranian hackers for attacking more than 300 US universities. They stole 31 Terabytes of data worth close to $3 Billion dollars. Carefully crafted emails were used to trick professors and other staff members to enter network login credentials. They gained access to 8,000 accounts.
According to Wired.com 2018 Worst Breaches
Ransomware is a subset of Malware, but one of the most wide-spread attacks. It's a type of malware that prevents you from accessing your files by displaying a full screen warning message threating to lock your files using encryption or even erase your computer unless you pay the cyber attacker a predefined amount of money. These warning messages could imitate the FBI, US DOJ or they will proudly display their hackers group. One of the most well known Ransomware's out there is known as WannaCry.
Imagine you get home from work, turn on your computer and find that a message is displayed saying you have 1 hour to pay $1,000 to unlock your files, or lose them forever. More often than not, after you pay the ransom fee via Bitcoin so you can't trace the cyber criminal, they will not release your files from the encryption and you'll be out of money and data. Best case they release your files, but the cyber criminal could have tampered with your computer and anti-malware software to bypass your security protocols and keep undetected access to your machine.
Missouri based Blue Springs Family Care got attacked by ransomware that effected a computer containing roughly 45,000 patient records. The cost of this breach was $408 per patient record, or approx. $18.3 million dollars.
Source: Healthcare IT News
Data theft (also known as a Data Breach) is stealing information in the form of files (data) stored on company servers, workplace computers and even cell phones. Usually done by taking advantage of operating system exploits, email scams, applications with secret intentions or malicious intent by an employee.
Everyone stores valuable information on their harddrive or in the cloud (Google Drive, Microsoft OneDrive, etc). You could have passports, social security numbers, banking information and so much more stored on your computer. If information like that was stolen from you and sold on the dark web, your financial life could get destroyed.
Yahoo, eBay, Uber, Ashley Madison, Target, Home Depot, Sony Pictures and Intel as recently as August 2020. Those are just a few of the biggest data theft breaches in history and are all very much memorable. Between all of those, hackers were able to steal company secrets, credit card numbers, health records, social security, emails and billions of dollars worth of information and real cash.
Phishing is one of the most effective and dangerous types of cyber attacks, yet it's the simplest of them all. It's the attempt to fool someone into sharing private information, most common being your username/password to sensitive accounts by imitating a website such as your bank or favorite social network. Fake emails that look like your credit card bill or cell phone bill with a button that takes you to a fake website is also extremely common. Other tactics are fake social media accounts with names of people that you know to try and persuade you to help by transferring money or giving access to your home. A perfect example: Are you familiar with the longest running phishing scam, the "Nigerian Prince" that wants to give you his inheritance?
You could get an email from the bank saying that there has recently been an error with your account and that they need to update the bank records within the next 12 hours or the account will be frozen. The email would have a button that says "Update Now", so you would click on the button and a website would open that looks like just your bank. After you enter the username and password to login, another screen opens to enter in account numbers and routing numbers, along with another button that says "Save". Immediately after two potential things could happen. 1: Username and password was just stolen, which could be used to gain unauthorized access to your account, or 2: Checking and Routing numbers were stolen, which could be used wire transfer money out of your account that same instant.
Between 2013 and 2017, the accounting departments of Google and Facebook were tricked into wiring approx. $100 million to a cyber criminal in Lithuania. The criminal used fake invoices, emails and corporate stamps to impersonate a large computer parts supplier.
Impersonation fraud attacks, subset of Phishing, are clever attemps to fool you into thinking you're speaking with your CEO, vendors, financial advisor, accountant, etc... These sorts of attacks are typically done through email or social and will almost always end in requesting a wire transfer of money or private data. The FBI has reported in 2016 that Americans have lost more than $1.8 Billion through this cyber attack method.
A cyber attacker could very easily take over your accountants email address, scan through their inbox/sent mails for recent transactions and fool you. You could receive an email from an accountant telling you that the IRS is auditing your account and that you need to send them updated information. Another effect could be a fake email from your friend saying that their phone number got hacked, cannot receive phone calls at the moment and needs help to get their phone unlocked by requesting money.
Mattel, one of the largest toy manufacturers in the world, lost $3 million in 2015 due to a CEO fraud email scam orchestrated by chinese cyber criminals.
Source: CBS News
Hackers is the name of a rouge computer programmer, commonly known as a Black-hat, who has the skillset to modify computer software or hardware for their benefit and your loss. Most hackers are fueled by money, power and ego and will hack for financial gain, political agendas, or more often than not, just for fun.
Every cyber criminal is a type of Hacker, but in general, the effects of a hack could be disasterous. Hackers could destroy your computers, watch your every move through smart cameras in your house, tamper with your smart locks, prevent access to certain websites or even go so far as preventing you from entering your own garage. Hackers could also install programs to monitor your every digital move and use it to threaten you.
Marriott, the global hotel chain, in 2018 was hacked and had 500 Billion customer records stolen.
Source: Fast Company
It will never end. As more and more our lives go digital, we are investing less in learning how to prevent cyber attacks and trusting companies to do it for us. There are so many new attacks being crafted every day to circumvent security protocols that major companies implement. Hacks that involve your smart phone, smart security systems, smart assistant devices, even the webcam on your laptop.
Every time you open the internet and browse, or sit in a coffee shop with free wifi, chances are there is someone already trying to snoop on your life. If you know what to look out for, you can protect yourself.