Digital Security Memo
With the fronts of information and cyber warfare expanding, we decided to write a short educational memo on digital security and the main attack vectors against Internet users. It will remain useful after the crisis is over.
1. Bots
The most harmless threat on the list, at first glance. We encounter bots every day: they are used to inflate the metrics of advertising posts, to leave positive or negative reviews and, ultimately, in political struggle. Now botnets have become a threat to information security, as they can be used to cause direct harm to Russia and its residents.
Firstly, bots are now used to spread propaganda and fakes: a propaganda post or comment is created, after which dozens of bots "boost" it, liking it en masse so that it lands at the top of smart feeds. Secondly, bots can be used for mass spam in private messages and chats. Thirdly, for mass complaints, so that the content or the user is banned by the automated moderation of social networks or other resources.
In this case, the basic principles of digital hygiene should be applied:
1) check the sources of any information (look for links to primary sources and check whether the same information appears in Google/Yandex search results);
2) check the author of the message. Bots are usually either new users or accounts with extremely low activity. On social networks the basic signs of a bot are: a stock photo as the avatar, easily found by reverse image search and belonging to accounts under other names; 1-10 reposts from random groups made within 2-3 days followed by a complete lack of activity, or reposts at strictly regular intervals, as if on a timer; a friends list with dozens of identical pages or banned accounts.
Social networks and other media resources usually try to ban bots themselves; still, if you encounter one, report the account and, if it tries to spam you, add it to your blacklist.
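The signs listed in point 2 can be turned into a simple scoring check. The script below is an added example, not part of the original memo: the account records are constructed, and the thresholds (30-day account age, 3-day burst window, 30-day silence, 5-minute timer tolerance, 30% banned friends, 2 points for "suspicious") are assumptions chosen to illustrate the rules, not values the memo gives.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Account:
    name: str
    created: datetime
    activity: list = field(default_factory=list)   # timestamps of the account's reposts/posts
    avatar_is_stock: bool = False                   # avatar matched a stock photo / other accounts
    friends_total: int = 0
    friends_banned: int = 0                         # friends that are banned or duplicate pages


def burst_then_silence(times, now, window=timedelta(days=3), quiet=timedelta(days=30)):
    """1-10 reposts within 2-3 days and nothing afterwards (sign from the memo)."""
    if not 1 <= len(times) <= 10:
        return False
    times = sorted(times)
    return times[-1] - times[0] <= window and now - times[-1] >= quiet


def timer_like(times, tolerance=timedelta(minutes=5)):
    """Posts at almost identical intervals, as if on a timer (sign from the memo)."""
    if len(times) < 3:
        return False
    times = sorted(times)
    gaps = [b - a for a, b in zip(times, times[1:])]
    return max(gaps) - min(gaps) <= tolerance


def bot_score(acc, now):
    """One point per matched sign; treating 2+ points as suspicious is an assumption."""
    reasons = []
    if now - acc.created < timedelta(days=30):
        reasons.append("account younger than 30 days")
    if acc.avatar_is_stock:
        reasons.append("stock or duplicated avatar")
    if burst_then_silence(acc.activity, now):
        reasons.append("repost burst, then silence")
    if timer_like(acc.activity):
        reasons.append("timer-like posting")
    if acc.friends_total and acc.friends_banned / acc.friends_total >= 0.3:
        reasons.append("30%+ of friends banned or duplicates")
    return len(reasons), reasons


# Constructed sample accounts: two bot patterns from the memo and one ordinary user.
NOW = datetime(2022, 3, 10, 12, 0)
SAMPLE_ACCOUNTS = [
    Account("burst_bot", NOW - timedelta(days=45),
            [NOW - timedelta(days=d) for d in (44, 43.5, 43, 42)],
            avatar_is_stock=True, friends_total=50, friends_banned=20),
    Account("timer_bot", NOW - timedelta(days=5),
            [NOW - timedelta(days=4) + timedelta(hours=6 * i) for i in range(5)]),
    Account("human", datetime(2015, 6, 1),
            [NOW - timedelta(days=d) for d in (100, 37, 2)],
            friends_total=120, friends_banned=3),
]


def score_samples(now=NOW):
    """Score every constructed account; returns {name: points}."""
    return {acc.name: bot_score(acc, now)[0] for acc in SAMPLE_ACCOUNTS}


if __name__ == "__main__":
    for acc in SAMPLE_ACCOUNTS:
        score, reasons = bot_score(acc, NOW)
        print(f"{acc.name}: {score} {'SUSPICIOUS' if score >= 2 else 'ok'} {reasons}")
```

The score is deliberately additive: no single sign is proof (a real person can have a stock avatar), but the memo's point is that bots tend to show several of them at once.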
2. Phishing
Often goes hand in hand with bots. For example, a website circulated by Ukrainians for checking whether your relative had been captured was in fact phishing: it collected everything that was entered for later spam and blackmail. More often, though, phishing is used to obtain your credentials or bank card details.
DO NOT OPEN LINKS OR ATTACHMENTS IN EMAIL CORRESPONDENCE FROM UNKNOWN RECIPIENTS.
DO NOT FOLLOW UNKNOWN LINKS.
DO NOT ENTER ANY PERSONAL DATA ON SITES YOU ARE HEARING ABOUT FOR THE FIRST TIME.
EVEN IF A FRIEND WRITES TO YOU, MAKE SURE THEIR ACCOUNT HAS NOT BEEN HACKED.
Literally everyone should learn these rules, since most hacks are carried out through phishing. Everyone has heard of ransomware, but not everyone knows that the door is usually opened for it by a gullible user who followed a malicious link.
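Two of the rules above (unknown links, sites you hear about for the first time) can be checked mechanically before a link is opened. The script below is an added example and not part of the original memo: it pulls every link out of an HTML mail body and flags destinations outside a personal allowlist of sites the user already uses, plus links whose visible text names one site while the href goes to another. The mail body, the allowlist (`KNOWN_SITES`) and the `.example` domains are all constructed; the `registrable()` helper is a crude last-two-labels approximation, not a public-suffix-list lookup.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allowlist of sites the user already knows and uses.
KNOWN_SITES = {"gosuslugi.ru", "sberbank.ru"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Hostname of a URL; a bare domain in link text gets a scheme prepended."""
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()


def registrable(host):
    """Crude eTLD+1 (last two labels); a real checker would use the public suffix list."""
    parts = host.rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def check_links(html, known=KNOWN_SITES):
    """Return (href, reason) findings: unknown destination, or text naming a different site."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target = registrable(host_of(href))
        if target and target not in known:
            findings.append((href, f"destination {target} is not a site you already use"))
        looks_like_domain = "." in text and " " not in text
        if looks_like_domain:
            shown = registrable(host_of(text))
            if shown and shown != target:
                findings.append((href, f"text shows {shown} but the link goes to {target}"))
    return findings


# Constructed sample of a phishing mail in the style described above.
SAMPLE_MAIL = """
<p>Check whether your relative is on the list:</p>
<a href="http://sberbank.ru.login-verify.example/form">sberbank.ru</a><br>
<a href="https://www.gosuslugi.ru/">Gosuslugi</a><br>
<a href="http://check-relatives.example/enter">Enter your passport data here</a>
"""

if __name__ == "__main__":
    for href, reason in check_links(SAMPLE_MAIL):
        print(f"SUSPICIOUS {href}: {reason}")
```

The first link shows the classic trick of putting a familiar domain at the front of a hostname that actually belongs to someone else; the check catches it because only the last two labels decide who owns the name.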
3. Unsafe third-party services
Many Internet users rely on numerous third-party services to automate various actions. For example, there was a Ukrainian service, LeeLoo, for collecting contacts in messengers; its owner then used his access to his clients' contact databases to send propaganda on their behalf. Yes, nobody in Russia will use this service anymore, and in Ukraine they will think three times too, since nobody can guarantee that tomorrow your contact base will be used not for patriotic reasons but for purely criminal ones. This leads to a very unpleasant conclusion for the entire IT sector: users need full control over their data and a guarantee that it will not leak to third parties.
What matters to us? That you should at least abandon any Ukrainian services, since their owners can just as easily set you up. It is also worth considering what data about yourself you are willing to hand to strangers at all, since the concept of reputation has not yet taken root in Eastern Europe. The only guarantee that your data will not be misused behind your back is simply not to give anyone access to it. Understand this and always be aware of the risk.
4. Direct account hacking
You have probably run into this at least once as well. An attacker obtains your password (often through phishing, see section 2), logs into your page and does whatever he likes (sells your tanks in WoT and quickly withdraws the money, sends spam to your friends list, etc.). To protect yourself, you should:
1) think about a more complex password. Plenty of password generators (including the one built into Chrome) help here, creating passwords that are very hard to crack. In addition, keep an eye on news about password leaks: if a database is reported leaked from a service you use (whether the leak is real or not), change the password in any case;
2) finally enable two-factor authentication! In 2022, living without 2FA at least on your key services is an open invitation to an attacker. Yes, it may not save you from a targeted attack by a professional who intercepts SMS or authorization tokens. But 2FA greatly increases the chance that opportunistic attackers will break their teeth on your account and move on;
3) do not log in with a social media account on questionable sites. Attackers can intercept the authorization token and use it to log into your account.
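Points 1 and 2 above map onto three small pieces of code: a generator like the one built into the browser, a leak check that reveals only a hash prefix to the checking service (the k-anonymity scheme used by Have I Been Pwned's range API), and the RFC 6238 TOTP algorithm that authenticator apps implement for the second factor. This is an added example, not code from the memo: the leaked-hash set is a constructed stand-in for a real breach corpus, the 60-bit strength threshold is an assumption, and the TOTP secret used in the demo is the public test vector from RFC 6238.

```python
import hashlib
import hmac
import math
import secrets
import string
import struct

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=20):
    """CSPRNG-based password, the same idea as the generator built into Chrome."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(password):
    """Rough strength estimate: length * log2(size of the character classes present)."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return len(password) * math.log2(pool) if pool else 0.0


# Constructed stand-in for a leaked-password corpus, stored as upper-case SHA-1 hex.
LEAKED_SHA1 = {hashlib.sha1(p.encode()).hexdigest().upper()
               for p in ("123456", "password", "qwerty123")}


def leaked_suffixes(prefix5):
    """Server side of a k-anonymity range query: every stored hash with this 5-char prefix."""
    return [h[5:] for h in LEAKED_SHA1 if h.startswith(prefix5)]


def is_leaked(password):
    """Client side: only the first 5 hex chars of the hash leave the client."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    return digest[5:] in leaked_suffixes(digest[:5])


def assess(password, min_bits=60):
    """min_bits is an assumed threshold, not a value from the memo."""
    if is_leaked(password):
        return "change immediately: appears in a leak"
    if entropy_bits(password) < min_bits:
        return "weak: too short or too simple"
    return "ok"


def totp(secret: bytes, unix_time: int, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1), the algorithm behind authenticator-app codes."""
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return str(code).zfill(digits)


def verify_totp(secret, code, unix_time, step=30, window=1):
    """Accept the current step plus `window` neighbours to tolerate clock drift."""
    return any(
        hmac.compare_digest(totp(secret, unix_time + k * step, step), code)
        for k in range(-window, window + 1)
    )


if __name__ == "__main__":
    pw = generate_password()
    print(pw, round(entropy_bits(pw)), "bits ->", assess(pw))
    print("password ->", assess("password"))
    print("TOTP for the RFC 6238 test secret at t=59:", totp(b"12345678901234567890", 59))
```

The leak check is ordered before the strength estimate on purpose: a long password that has already appeared in a dump is worthless regardless of its entropy. The TOTP verifier compares codes with `hmac.compare_digest` rather than `==` so that a wrong guess takes the same time as a right one.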
5. Forgotten/insecure accesses
Here we turn to issues that matter more to website owners and small businesses. Check the list of people who hold admin or superadmin rights on your key resources. Keeping track of accounts with such rights, and revoking them in time, is often done carelessly: an employee may have left the company long ago while his access is still active, and with it he can make your life very interesting.
So review all access and remove anything unnecessary or suspicious. It is better to delete a surplus user and later restore his rights than to leave a hole in your defences that anyone can walk through. And again, make sure the passwords that have been set are complex.
It sounds ridiculous to advise, but also check that you are not still using the factory-preset username/password. Factory passwords are very often left unchanged when equipment such as routers and switches is set up, which gives hackers direct access to the internal network.
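The review described in this section is easy to script once the account list and device inventory are exported. The code below is an added example, not something from the memo: the accounts, devices, factory-default list and the 90-day idle threshold are all constructed assumptions, and in practice the device check should run against a configuration export or password-manager entry rather than a hand-kept plaintext list.

```python
from datetime import date

# Constructed list of common factory defaults; real per-vendor lists are much longer.
FACTORY_DEFAULTS = {("admin", "admin"), ("admin", "password"), ("admin", "1234"), ("root", "root")}

PRIVILEGED = {"admin", "superadmin"}


def audit_accounts(accounts, today, max_idle_days=90):
    """Flag accounts of former employees and privileged accounts nobody has used lately.

    accounts: dicts with keys user, role, employed (bool), last_login (date or None).
    max_idle_days is an assumed threshold, not a value from the memo.
    """
    findings = []
    for acc in accounts:
        if not acc["employed"]:
            findings.append((acc["user"], "former employee still has access: remove"))
            continue
        if acc["role"] not in PRIVILEGED:
            continue
        last = acc["last_login"]
        if last is None or (today - last).days > max_idle_days:
            findings.append((acc["user"],
                             f"privileged account unused for >{max_idle_days} days: disable and review"))
    return findings


def audit_devices(devices):
    """Flag network devices whose admin login still matches a factory default.

    devices: dicts with host, username, password as exported from the config inventory.
    """
    return [(d["host"], "factory default credentials") for d in devices
            if (d["username"].lower(), d["password"]) in FACTORY_DEFAULTS]


# Constructed sample data.
TODAY = date(2022, 3, 10)
ACCOUNTS = [
    {"user": "alice", "role": "superadmin", "employed": True, "last_login": date(2022, 3, 7)},
    {"user": "bob", "role": "admin", "employed": False, "last_login": date(2021, 8, 1)},
    {"user": "carol", "role": "admin", "employed": True, "last_login": None},
    {"user": "dave", "role": "editor", "employed": False, "last_login": date(2022, 1, 15)},
    {"user": "erin", "role": "editor", "employed": True, "last_login": date(2020, 1, 1)},
]
DEVICES = [
    {"host": "router-1", "username": "admin", "password": "admin"},
    {"host": "switch-1", "username": "admin", "password": "Kx7!pQ2#vL9m"},
]

if __name__ == "__main__":
    for who, why in audit_accounts(ACCOUNTS, TODAY) + audit_devices(DEVICES):
        print(f"{who}: {why}")
```

Note that a former employee is flagged whatever his role, while the idle check is limited to privileged accounts: an unused editor login is a housekeeping issue, an unused admin login is the hole the section warns about.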
6. Hacking the site/infrastructure
Unfortunately, this too is a sign of the times: everyone has heard about the recent hacking of the websites of the country's largest news agencies. There are several attack vectors here.
1. Outdated software in which already-known vulnerabilities have not been patched. Update software promptly so as not to make life easier for hackers;
2. Third-party scripts (metrics, advertising and others). Compromising them does not give an attacker access to the site itself, but lets him execute a malicious script in place of the useful one: for example, place an advertising banner, slip in a phishing link, etc. So pay attention to such scripts from partners;
3. Insecure hardware and software settings. There are many options here, from the factory passwords already mentioned to more serious vulnerabilities. Ideally, an information security specialist should handle all of this. Failing that, you can hire a security researcher: a specialist in identifying vulnerabilities, for example through penetration testing. Such specialists are generally a must for any serious business, since they search for every possible threat and vulnerability. The pentester's task is to penetrate the client's internal networks as unobtrusively as possible and then show how to close those security holes.
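Vectors 1 and 2 above both have a standard technical countermeasure, and the example below (added here, not from the memo) goes a step beyond the text by showing them: a version check of installed components against the first version that carries a known fix, and Subresource Integrity for partner scripts, where the `<script>` tag pins the script to a hash so the browser refuses to run anything else served under that URL. The component names, the "fixed in" table, the partner script and the `.example` CDN are all constructed; the `integrity` attribute format (`sha384-` plus base64 digest) is the one defined by the W3C SRI specification.

```python
import base64
import hashlib
import re

# Constructed table of "first fixed version"; real data comes from vendor advisories.
MINIMUM_SAFE = {"cms-core": "5.8.3", "web-server": "1.20.2"}


def version_tuple(v):
    """'1.20.2' -> (1, 20, 2); non-numeric suffixes are ignored."""
    return tuple(int(x) for x in re.findall(r"\d+", v))


def outdated(installed, minimum=MINIMUM_SAFE):
    """Components whose installed version is below the first version with the known fix."""
    return sorted(name for name, v in installed.items()
                  if name in minimum and version_tuple(v) < version_tuple(minimum[name]))


def sri_attribute(content: bytes, algo="sha384"):
    """Value for the integrity= attribute: '<algo>-' + base64 of the digest."""
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode()}"


def sri_matches(content: bytes, integrity: str):
    """What the browser does: run the script only if the fetched bytes hash to the declared value."""
    algo = integrity.partition("-")[0]
    return sri_attribute(content, algo) == integrity


def script_tag(src, content: bytes):
    """<script> tag that pins a partner script to the bytes reviewed at integration time."""
    return (f'<script src="{src}" integrity="{sri_attribute(content)}" '
            f'crossorigin="anonymous"></script>')


# Constructed partner script and a tampered variant of the kind described in vector 2.
PARTNER_JS = b"window.metrics = function () { /* counts page views */ };\n"
TAMPERED_JS = PARTNER_JS + b"document.body.innerHTML += '<a href=\"http://phish.example\">Login</a>';\n"

if __name__ == "__main__":
    print(script_tag("https://cdn.partner.example/metrics.js", PARTNER_JS))
    integrity = sri_attribute(PARTNER_JS)
    print("original script accepted:", sri_matches(PARTNER_JS, integrity))
    print("tampered script accepted:", sri_matches(TAMPERED_JS, integrity))
    print("outdated:", outdated({"cms-core": "5.7.2", "web-server": "1.21.6"}))
```

SRI has a cost that the memo's advice to "pay attention" glosses over: when the partner legitimately updates the script, the hash must be updated too or the script stops loading, which is exactly the point, since nobody can change it silently.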
7. DDoS
Many people have probably run into a Cloudflare check page appearing before they can enter large popular sites. If you see it, the site is under DDoS: an attack with a mass of empty or garbage requests that clogs communication channels and drives up the site's response time.
Nobody is immune to DDoS today, no matter how fat their channel is. That is why services like Cloudflare have appeared, providing software protection against such attacks. Mounting a DDoS is no trouble at all right now: botnet services for it are easily bought on the darknet. So nobody is immune from this at all.
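At the scale the section describes only an upstream service can absorb the traffic, but the same detection idea applied to your own access log shows which sources are flooding you. The script below is an added example, not from the memo: it parses standard combined-format web server log lines, keeps a sliding window of request timestamps per client IP and reports those that exceed a threshold. The log lines are constructed (using RFC 5737 documentation addresses), and the limit of 20 requests per 10 seconds is an assumption to be tuned to a site's normal traffic.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined/common log format as written by nginx or Apache.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, request, status) or None for a line that does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, request, status, _ = m.groups()
    return ip, datetime.strptime(ts, TS_FMT), request, int(status)


def flood_sources(lines, limit=20, window_s=10):
    """IPs that exceed `limit` requests inside any sliding `window_s`-second window.

    Lines are expected in chronological order, as in a log file.
    """
    recent = defaultdict(deque)   # per-IP timestamps inside the current window
    flagged = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts = rec[0], rec[1]
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) > limit:
            flagged.add(ip)
    return flagged


def _line(ip, t, path):
    return f'{ip} - - [{t.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512'


# Constructed log: one source firing 30 requests in 5 s, one browsing normally, one broken line.
_T0 = datetime(2022, 3, 10, 12, 0, 0, tzinfo=timezone(timedelta(hours=3)))
_events = [(_T0 + timedelta(seconds=i // 6), "203.0.113.5", "/") for i in range(30)]
_events += [(_T0 + timedelta(seconds=3 * i), "198.51.100.7", f"/news/{i}") for i in range(5)]
SAMPLE_LOG = [_line(ip, t, p) for t, ip, p in sorted(_events)] + ["garbage line without a timestamp"]

if __name__ == "__main__":
    print("flooding sources:", flood_sources(SAMPLE_LOG))
```

A real flood usually comes from many addresses at once, so the per-IP count is only the first filter; the same window logic can be keyed by request path or by network prefix to spot the distributed case.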
8. Software implants (backdoors)
The most dangerous and hardest-to-detect security problem, but not an unrealistic one. For example, Rosseti reported (https://t.me/rosseti_official/2405) that software implants (means of unauthorized external access) were found in the electric car charging stations supplied by a Ukrainian manufacturer, and were used to hack and disable them. The situation is atypical but telling: Rosseti's infosec staff missed such an implant, and if not now, then later the company would certainly have been hacked through it. It is also telling that such implants can be embedded in a wide range of devices, so none of the manufacturer's non-Russian customers is immune to hacking either.
How to avoid this? Abandon equipment from Ukrainian manufacturers, since it may contain intentionally left backdoors, and hire proper information security specialists who will analyze the hardware and executable code for vulnerabilities.