October is upon us, escape room / puzzle lovers! With summer coming to a close, nights getting longer and Halloween creeping up on us, there’s only one thing that could be on everyone’s mind … cybersecurity!
Confused? Don’t be. As well as being the spooky season, October is also Cybersecurity Awareness Month. It’s especially important that we observe this month-long event this year, as the world has seen a significant uptick in cybercrime attacks during the COVID-19 pandemic. With so many of us working remotely, and many large organizations rapidly expanding their remote work accessibility — it’s been to the detriment of their security measures. Cybersecurity experts have reported huge spikes in malware attacks, phishing campaigns and more throughout 2020 and 2021.
All of which makes this the perfect time to remind people about some best practices to protect ourselves and our workplaces from bad actors online! We may treat hacking like a game — we literally made a fantastic game called Hackfiltration that you should try — but being hacked is no fun at all. So to that end, and in the spirit of the spooky season, we’ve compiled a list of five common boogeymen of the digital landscape and how to protect yourself from them.
Password Spraying – A type of brute force attack, password spraying is the act of trying common passwords like “password” or “12345” on a large volume of user accounts on a network, hoping for a hit. It’s the digital equivalent to going down a hallway jiggling all the doorknobs to see if any doors are unlocked. Creepy – but effective! Weak passwords have always been a perennial favourite point of access for bad actors, and the best defense against this kind of attack is to make sure all of your passwords are unique and incorporate mixes of upper and lower case letters, numbers and symbols. Also, use two-factor authentication where possible — the more difficult you make yourself to take advantage of, the less likely you will be worth the trouble to the average cybercriminal.
Phishing – We’ve probably all seen a scary movie where an innocent interaction with a stranger led to a far more sinister outcome than expected for the protagonist. Phishing is just that in a digital setting; a bad actor taking on the unassuming guise of a marketer with an offer of something free, a representative from a phone company or internet provider asking an innocuous question, or some other harmless-looking presence in your email inbox. These sorts of attacks hope to harvest personally identifiable information they could use to impersonate their victims with banks, their victims’ employers, government agencies and so on. The number one defense against phishing scams is a healthy suspicion of any unfamiliar email sender asking personal questions: as a rule, vet any stranger asking for information about you on the internet very carefully!
Spear Phishing – The more sophisticated and targeted sibling to phishing attacks, spear phishing is a phishing campaign targeting a specific individual in order to gain valuable information from them, often by impersonating a person or organization that the intended victim would trust – maybe a significant other, their boss at work, or a family member. What could be creepier than a trusted friend, colleague or organization being replaced by a malevolent mimic looking for prey? Like a phishing attack, your best defense is a mix of heightened awareness and healthy suspicion of unusual communications, requests that you download files to your computer, or inquiries about personally identifying information.
Malicious Domains – In horror movies, characters often fall prey to an innocent-looking location that hides a terrible secret – from haunted hotels to roadside attractions run by hungry cannibals, they all seem harmless enough until the victims-to-be step through the front door. A malicious domain is the internet equivalent; an innocent-looking website hiding a payload of dangerous misinformation or worse, viruses waiting to infect your computer. Once again, situational awareness is your friend – misspellings in the website URL, expired security certificates, or dodgy-looking download links are all red flags for potential traps! And speaking of viruses …
Malware – One of the oldest and most pernicious monsters of the internet, malware comes in a multitude of forms. Trojans, spyware, ransomware and so on, they all exist to infect your computer and/or network with dangerous code designed to take advantage of the victim, whether it’s to cause damage to a computer system, get access to the victims’ banking information, spy on the infected machine’s users, seize control of the device entirely or worse. These are the zombie viruses of the online world – if you get bit, you’re most likely infected. And just like a zombie apocalypse, your best defense is not getting infected in the first place. Malware can hide in suspicious files attached to emails, the aforementioned malicious domains, and a multitude of other places, so your best strategy to avoid this is a combination of reliable antivirus software, vigilance and good old situational awareness.
Hopefully these tips will help reinforce good online security during October – I just hope it wasn’t too scary! Also, if you’d like to try your hand at some lighthearted hacking-themed puzzles, take a look at our virtual escape experience Hackfiltration to get a … slightly fictionalized taste of what it was probably, maybe, sort of like to be a hacker in an earlier, more neon-drenched era of the internet. Stay safe this spooky cybersecurity season, puzzle breakers!