Analysis of cyber attacks and best practices to prevent them

September 12, 2022

São Paulo/SP – September 12, 2022. How can users protect their data and avoid falling for scams, theft, social engineering and other cyber attacks?

*By Cleverton Lima

Technology is evolving exponentially, and with this evolution come more ways to steal information. In addition to new tactics, old scams have returned to circulation. In this scenario, how can users protect their data and avoid falling for scams, theft, social engineering and other cyber attacks?

Among the most used attack techniques are those that require little technical knowledge to carry out. This contributes to an increase in the number of attacks, at a speed that keeps up with the new technologies appearing in the world. Many attackers bait their scams with things that catch people's attention, promising financial benefits, job vacancies or sweepstakes. Many people are attracted by these tempting proposals and end up entering their data, which goes straight to scammers, who use it in a variety of ways, most often for financial profit.

The most recent data from CERT.br shows that, in 2020, the total number of reported fraud-related incidents was 30,580. That is, incidents in which there is an attempt to gain an advantage.

Table representing the incidence of each type of attack in each month in the year 2020

Fraud attempts for financial purposes involving the use of Trojans accounted for 3.21% of this total. Fake pages, which also aim for financial gain, accounted for 85.15% of attempts, and other types of phishing for 11.64%, as shown in the image below:

Incidents Reported to CERT.br

This shows that most fraud incidents use techniques that aim to trick the user with pages that imitate a known website, such as a bank. In most cases, the victim is induced to enter information, which is sent to criminals who use it for financial gain in the victim's name: accessing accounts and making transfers, paying online shopping slips, taking out loans and ordering credit cards, among many other known scams.

This emphasizes that most of these scams can be easily avoided if people know how to identify fake pages and other scams that rely on deception. That is, even against systems that are technically ultra-secure, attackers use various methods and mental triggers to deceive the victim and take advantage.

For this reason, mass dissemination of educational content is necessary so that people can know all the dangers that exist and take measures to protect themselves.

Check out the top tips to protect the privacy of your data:

Keep programs up to date:

  • Keep your antivirus software up to date and, above all, do not access suspicious websites or download files from unknown sources. Also beware of fake apps, even in official stores. Fake programs may contain malware designed to damage the infected device and/or perform other malicious activities on it, usually with the intention of gaining some illicit advantage or causing a loss to the target.

Secure passwords:

Imagine the situation: you use the same password for all the websites and registrations you have, and one day one of the promotional travel websites you use is hacked and your email password is leaked.
Now all your social networks, sites with registered credit cards and bank sites are vulnerable: someone only needs to try your email and password on several sites, by trial and error, until the worst happens.

To avoid this type of problem, several actions can be taken when creating your password:

  • Do not use obvious patterns or sequences, such as dates or names of close people;
  • Use symbols, numbers and letters to increase password complexity;
  • Do not use the same password for several different websites and applications;
  • Where available, use two-factor authentication for added security.

Privacy:

Your privacy is one of the greatest rights you have. And that's why it's extremely important to know what risks the internet brings to your privacy and how to prevent it from being violated:

  • Be aware of whom you share your personal information with, and how;
  • Be careful with what you post on social media: posts about your routine and the places you go are best not shared on an open profile;
  • Be careful what permissions you grant to websites and apps, and avoid installing unknown or modified apps.

That way you protect your privacy, and prevent malicious people from taking advantage of you.

Buy online securely:

  • The first thing to check on a website is its authenticity. Check whether it is protected by HTTPS (green padlock);
  • Make sure the site is the official one. Fake pages may use a very similar name or an unusual domain;
  • Before buying, search the internet for more information about the company or website and look for reports of fraud involving it. Just type “Company Name + Complaint” or “Website Name + Trusted” to search. This allows you to find out what other customers are saying, how the company treats them, and identify potential issues. Never forget that the opinions of others are just one of the indicators from which you can draw your own conclusions;
  • Look for information about the physical address of the store, the name of the company that maintains it, its CNPJ number, contact number and email. If the company provides complete details on the website, it means that they have nothing to hide and you can contact them if necessary. You can also look up additional information using the Cadastro Nacional de Pessoas Jurídicas (CNPJ) number provided by the store: do a quick search on the Federal Revenue website and check whether the company name is similar to the name registered for that CNPJ at the Federal Revenue. If you want more confirmation, in addition to everything already recommended, you can contact the store using the data provided on the store's website.
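The checks in the list above can be partly automated. The following Python sketch is an added example, not part of the original article: it classifies a store URL against a list of known official domains (reporting HTTPS separately, since a look-alike page can also use HTTPS) and verifies the check digits of a numeric CNPJ before it is looked up on the Federal Revenue website. The domain `lojaexemplo.com.br`, the similarity threshold and the function names are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: domains the shopper already knows to be official (constructed sample).
OFFICIAL_DOMAINS = {"lojaexemplo.com.br"}

def check_store_url(url, official=OFFICIAL_DOMAINS, threshold=0.8):
    """Return (verdict, uses_https); verdict is 'official', 'lookalike' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    uses_https = parts.scheme == "https"
    # Exact match or a true subdomain of an official domain.
    if any(host == d or host.endswith("." + d) for d in official):
        return "official", uses_https
    bare = host[4:] if host.startswith("www.") else host
    for d in official:
        # Official name embedded in another domain, or a near-identical spelling.
        if d in host or SequenceMatcher(None, bare, d).ratio() >= threshold:
            return "lookalike", uses_https
    # Punycode labels can render as look-alike Unicode characters.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike", uses_https
    return "unknown", uses_https

def cnpj_is_valid(cnpj):
    """Verify the two mod-11 check digits of a numeric 14-digit CNPJ."""
    digits = [int(c) for c in re.sub(r"\D", "", cnpj)]
    if len(digits) != 14 or len(set(digits)) == 1:
        return False
    for n in (12, 13):  # index of each check digit
        # Weights run 2..9 from the right and then repeat.
        weights = [(n - 1 - i) % 8 + 2 for i in range(n)]
        rest = sum(d * w for d, w in zip(digits[:n], weights)) % 11
        if digits[n] != (0 if rest < 2 else 11 - rest):
            return False
    return True  # well-formed only; still confirm the company name in the registry

if __name__ == "__main__":
    # Constructed sample inputs.
    for url in ("https://www.lojaexemplo.com.br/checkout",
                "https://lojaexempl0.com.br/checkout",
                "http://lojaexemplo.com.br.ofertas.example/login"):
        print(url, check_store_url(url))
    print(cnpj_is_valid("11.222.333/0001-81"))
```

A CNPJ that passes only shows the number is well-formed; the registry lookup described above is still what ties it to the company name.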

— Cleverton Lima is a SOC Analyst at [SAFEWAY]

How can we help?

SAFEWAY is an Information Security consulting company recognized by its clients for offering high value-added solutions through projects that fully meet the needs of the business. In 14 years of experience, we have accumulated several successful projects that have earned us credibility and prominence with our clients, who largely make up the 100 largest companies in Brazil.

Today, through 25 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one-stop shop with the best solutions in technology, processes and people. We have both the technical skills and the experience necessary to assist your company in the process of structuring controls and preparing the environment for the implementation of an ISMS, SGS or SGCN and, consequently, certification of operations, services or companies to the ISO27001, ISO20000 or ISO22301 standards.

In order to support companies in this process of evaluation and adaptation to the requirements of the LGPD, [SAFEWAY] has in its portfolio of services the Cybersecurity Health Check, whose objective is to carry out a diagnosis of the cybersecurity, information security and data privacy implemented in your company, covering the pillars of Processes, People and Technology.

Through the Cybersecurity Health Check, risks associated with information security and privacy of internal processes and activities are identified, and existing and new controls are evaluated according to the size of your organization to increase the level of maturity and compliance, in accordance with good information security practices. If you would like more information, contact one of our experts!