
How Not to Be the Lowest Hanging Fruit That Most “Hackers” Look For

Written by Cosmin Stefanica - 27 April 2018

Malware. Keyloggers. DDoS. Phishing. Viruses. Trojans. Clickjacking. Bait and Switch. There is always some hacker out there trying to get you. Cosmin, one of our security experts, offers his tips on how not to fall into a trap.


Going to DefCamp last year was a pretty interesting experience, especially considering the fact that most of the presentations I went to were primarily focused either on IoT devices or ransomware. And from what I could gather, most attackers are targeting one specific type of device or user: the lowest hanging fruit. For example, at the presentation held by Walter Belgers about lock picking and how it relates to IT Security, he told us about security “levels” of locks. There, we learned that even if there is literally a 30-second difference between one lock standard and the other, a burglar will more often than not choose to break the one rated lower. And that applies to all types of attacks.

Low effort, potentially high reward targets?

A person looking to build cryptocurrency-mining malware will probably not try to target high-end desktop computers because nowadays they are a bit harder to break into. However, smart-enabled appliances like TVs and refrigerators and toasters and what have you aren’t really that protected because they need their computing power to do their primary function, whatever that may be. This leaves you vulnerable.

A person looking to make some money off of a piece of ransomware isn’t going to send their infected emails to the security department of a three-letter government agency. Instead, they will send the same email to as many spam mailing lists as possible, hoping that a couple of them get opened. And yes, I know the email attack vector has been outdated for a couple of years, but I needed an example, so bear with me here.

Unless you’re a really important target, if it takes too much effort, you probably won’t be hacked

The point of those two previous concepts was to show you that most attacks are built and then delivered to hit as many “victims” as possible. So, as long as you’re just a little bit more secure than “the other guy” you have a higher chance of being safe. And because the title of this article literally says, “How not to be the lowest hanging fruit”, I’ll give you a few easy things you can do to stay safe:

  1. If you’re connecting to Wi-Fi, never connect to open networks. Even though Chrome will probably have been updated to highlight HTTP pages as “Not Secure” when you’re reading this article, that is not the only way your data can be sniffed via Wi-Fi. Your best bet when you really need an internet connection and you’re not at home is either to use the network on your mobile device or connect to an encrypted wireless network.

  2. While we’re talking about HTTP, this one’s short. Try and avoid plain HTTP websites at all costs. The HTTPS standard has been around for quite some time, so there’s no excuse for companies not upgrading to that.

  3. If you have WPS enabled on your home Wi-Fi router, disable it. Even if the acronym stands for Wi-Fi Protected Setup, it’s anything but protected. Trust me, I’ve broken into it myself. And I’m nowhere near as skilled as some other guys out there that really want to do some damage.

  4. Use longer passphrases than you normally would. And yes, I know that’s an inconvenience, but would you really want your username and password to come up in a leaked list somewhere? No? Thought so!
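A way to check items 1 and 3 against what an access point actually advertises, as an added example that is not part of the original article: it parses the text printed by the Linux command `iw dev <interface> scan` and reports whether a given SSID is unencrypted or advertises WPS. The scan text and SSIDs are constructed samples, and the function names `parse_scan` and `check_network` are hypothetical.

```python
import re

# Constructed sample of `iw dev <interface> scan` output (not a real network).
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
\tSSID: HomeNet
\tRSN:\t * Version: 1
\t\t * Authentication suites: PSK
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
BSS 02:00:00:00:00:02(on wlan0)
\tSSID: CoffeeShop-Free
BSS 02:00:00:00:00:03(on wlan0)
\tSSID: Office
\tRSN:\t * Version: 1
\t\t * Authentication suites: PSK
"""

def parse_scan(text):
    """Split scan output into one dict per access point (BSS block)."""
    networks = []
    for block in re.split(r"(?m)^(?=BSS )", text):
        if not block.startswith("BSS "):
            continue
        ssid = re.search(r"(?m)^\s*SSID: (.*)$", block)
        networks.append({
            "ssid": ssid.group(1).strip() if ssid else "",
            # iw prints an RSN (WPA2/WPA3) or WPA block only when one is advertised
            "encrypted": bool(re.search(r"(?m)^\s*(RSN|WPA):", block)),
            # a WPS block appears when the access point advertises WPS
            "wps": bool(re.search(r"(?m)^\s*WPS:", block)),
        })
    return networks

def check_network(text, ssid):
    """Return findings for one SSID: item 1 (open network) and item 3 (WPS)."""
    findings = []
    for net in parse_scan(text):
        if net["ssid"] != ssid:
            continue
        if not net["encrypted"]:
            findings.append("open network: no WPA/WPA2 (RSN) advertised")
        if net["wps"]:
            findings.append("WPS is advertised: disable it in the router settings")
    return findings

if __name__ == "__main__":
    for name in ("HomeNet", "CoffeeShop-Free", "Office"):
        print(name, check_network(SAMPLE_SCAN, name) or "no findings")
```

Run it against a scan of your own router after changing its settings; the WPS finding should disappear once WPS is switched off.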

Honestly, this list could go on for ever and ever, with all kinds of things you could do to protect yourself, from using password managers to generate and safely store your passwords, to building your own custom VPN that would encrypt your traffic so that you could safely connect from anywhere without much fear of people “listening” in on your communications. The bottom line is, as long as you’re adding another level of security, no matter how small, it’s going to make you harder to hack and therefore less likely to *be* hacked. Be safe, and remember, just because you're paranoid doesn't mean they aren't out to get you!

