Cyber Security Awareness in 2019: Acronyms and Their Uses

Often, IT professionals get (unfairly!) accused of excessive use of acronyms. FYI: DYK that in DASNR @ OSU we love aconyms too, IMHO. LOL! But cyber security is something we all should take seriously. In this article, we define several phrases or terms you may have seen – maybe some are new to you – and provide a short explanation of their intended harm. In our summary we provide advice on how to guard against the problems. 

Botnets – a vicious network of infected computers that act under the control of the hacker to spread spam email messages, malware, and distributed denial of service (DDoS) attacks.  

Cryptomining – a legitimate looking app is installed to the computer then allows a hacker to remotely harness the computer’s processing power to mine cryptocurrencies. 

DDoS – a botnet army causes a web server to fail due to an overload of requests thereby effectively shutting down the web service. 

Hacking – the act of someone or something gaining unauthorized access to your computer or device through exploits on the computer or device.  

Malvertising – advertising infected with malware

Malware – hackers gain control over your computer or device through infected software downloaded and installed on the device.  

Pharming – visiting a malicious and illegitimate website posing as a legitimate one. When the site visitor clicks on the page, they are redirected to a scam.  

Phishing – similar to pharming, phishing is a method to lure unsuspecting visitors to divulge confidential information such as passwords and banking details, often being presented in a manner that looks official or intimidating to elicit an immediate action.  

Ransomware – a type of malware that infects the computer or device and restricts access to files, demanding payment to regain access.  

Spam – mass distribution of unsolicited messages and advertisements. 

Spyware – software installed on a device that allows personal information to be collected and sent to a remote site; normally uncontrollable pop-up messages are indicative of spyware or malware.  

Viruses – similar to malware, infected email attachments and software downloaded then installed from the internet can infect the device. Once infected, the device can display unwanted ads, scan for personal information, hijack your web browser, and cause other problems.  

Whaling – a specific type of phishing attack that targets high-profile employees in order to steal sensitive information from a company or organization.

Wifi Eavesdropping – a hacker can ‘listen’ on insecure WiFi networks, thereby accessing personal information sent over the network and possibly accessing your device.  

Worms – worms can be spread through the network and attack vulnerable computers and devices that are not updated, effectively shutting down parts of the network.  

How can you protect your computer and device? In nearly every situation described above, the solution is straightforward: 

  • Keep your computer and device updated. When Microsoft, Apple, or Google release updates, make sure your computer or device is being updated. 
  • Install, activate, and keep updated an anti-malware software application.  
  • Use adblock extensions with your browser. 
  • Use a spam filter with your email application. 
  • Before clicking on links in email messages, notice their address and confirm the link is consistent with the sender; look for inconsistencies in the message that would be characteristic of a scammer’s message. 
  • Use good passwords. 

For more information or if you have questions about information presented in this article, feel free to contact Dwayne Hunter or others in DASNR Information Technology.

Additional material and links:

Updates and Upgrades: Do It!

Almost every electronic device we own these days keeps bugging us to do updates or upgrades – our computers, phones, TV’s, cars and most everything else. We receive notifications asking us to install updates, sometimes weekly, and it always seems at the most inconvenient times. But, updates and upgrades play a critical roll in keeping you and your devices safe.

 Updates vs. Upgrades, what is the difference?

An update will modify your current software with security patches, small improvements, and bug fixes. These are what we generally see on a daily, weekly, and monthly basis. They generally don’t take as long to download and install.

An upgrade will make significant changes to the software that operates on your device. This could be the device’s interface – how it looks and its options. Upgrades are not as common as updates and will usually only happen once or twice a year. They are usually larger in size and can take a long time to install.

When should I install these updates and upgrades?

The simple answer for updates: ASAP. I mentioned earlier that these seem to happen at the most inconvenient times. You don’t have to stop what you are doing but you should install updates at a convenient time after you receive notification they are available. Usually I install them right before I go to lunch or at the end of the day. This way I can reboot my computer or device while I am out and it will be ready when I return. In most cases software updates will only take a few minutes, but I have seen them take 30+ minutes. This can happen if you have gone a while without updating your device, your device is old and slowing down, or possibly a large patch to your software is available.

Upgrades usually do not need to be installed ASAP. Software manufacturers usually allow a certain amount of time before they force you to upgrade. They will continue to provide updates for their older version until they feel they cannot support it any longer at which point you, then, must upgrade your software to a newer version so you can receive necessary security updates. Before you do an upgrade you should check to see if your other hardware or software is compatible with an upgrade. Software and hardware manufacturers will usually list compatible and incompatible devices and versions on their website.

What if I cannot upgrade?

There are times when doing an upgrade is not something you are able to do. Maybe the equipment you have attached to your computer will not work with an upgrade. You may not have the money to spend on upgrading software and hardware. You should always consider future upgrades as part of a long-term plan when budgeting but that does not always happen. In these cases, you will want to ask yourself a few basic questions: Do I need this connected to the internet or will I be connecting external devices to this equipment? If you answered yes to either of these you need to find a way to upgrade your equipment.

By removing your device from the internet it makes it less vulnerable from any type of hack or security exploit. This will prevent direct attacks on your device since there will be no connection to the outside world. They could still have indirect access to your device if you happen to connect an external device to the machine. USB flash drives, external hard drives, and other media can become infected and then, when attached to your device, they infect your device. They may not gain remote access to your computer or files, but they could spread a virus or Crypto lock on your files. This could lead to a loss of some or all of your data.

So why is this a significant topic right now?

Well, to be honest, this is a topic that should always be significant. The reason we want to bring it up again now is that Microsoft will be making Windows 7 End of Life (EOL) on January 14th, 2020. This means that Microsoft will not be releasing any more security updates, improvements, or bug fixes. When products go End of Life, it becomes a prime time for hackers to release their exploits to these machines since they know that the software will not be patched any longer and they release any hidden exploits. Keeping up with updates and upgrades are a critical role to make sure you and your devices stay safe.

Information about Windows 7 End of Life: https://www.microsoft.com/en-us/microsoft-365/windows/end-of-windows-7-support