The cyber threat landscape evolves constantly. As we use technology in new and more integrated ways, hackers, in turn, create new ways to attack our systems and data. Once they gain access, cyber criminals can then sell our valuable data on the dark web or use it in other illegal ways, such as extortion, fraud, or identity theft.
In the past, we have written about common types of cyber attacks and how to protect your business from them. Email phishing and ransomware attacks are often found in mainstream news headlines, unfortunately. Cyber savvy users are increasingly more inclined to be wary of malware. Protecting sensitive login credentials with multifactor authentication is more commonplace, thankfully.
But again, cyber criminals are resilient. They are constantly finding new and unconventional ways to attack and compromise our systems. Likewise, we must also continuously adapt our defenses to respond to new threat vectors.
It starts with awareness – and not just for your IT team. Today’s business leaders need to stay educated on the latest technical threats. Of course, you don’t have to know the technical details, but an understanding of new threats and how they put your business at risk is important. Ask for periodic updates from your IT team or your outsourced IT provider.
Once you know what the threats are, you’re more equipped to make the right IT decisions to protect your business.
Here are five more obscure cyber threats you need to address in your cybersecurity defenses.
Juice Jacking
Are you planning to travel this year? How about your employees? If so, be wary of public charging stations. Travelers and commuters using public transportation sometimes find their device batteries running low. Finding a public charging station can feel like a pot of gold at the end of the rainbow. However, plugging into that station can put you at serious risk.
Juice jacking is the secret installation of malware on a public charging station. Anyone plugging into the compromised station can be infected. The hacker can then gain access to your device, copy and export data and passwords, and take any other disruptive actions. This can all happen without the victim even realizing they’ve been hacked.
If at all possible, stay away from public charging stations. Plug in via your adapter to a power outlet. Bring a portable charger or external battery and your own USB cables as well. In scenarios where you must use a public station, be sure to use a charging-only cable which does not allow the device to send or receive data while charging.
Zero-day Attacks
Zero-day attacks are a type of cyber-attack where hackers take advantage of unknown vulnerabilities in software or hardware. These attacks can occur before the vendor is even aware of the vulnerability or before they have had time to create a patch for it.
Businesses are particularly vulnerable to this type of attack since they rely on a variety of software applications to operate. There have been zero-day attacks on popular software and hardware vendors, including Microsoft, Apple iOS, Google Chrome, and Zoom.
In a zero-day attack, cyber criminals exploit the vulnerability before the vendor has had a chance to fix it. This leaves businesses using the software exposed. To protect against zero-day attacks, businesses should use a layered security approach. Each additional layer increases the level of security defenses. Make sure that software and hardware are up to date, practice good network security habits, limit access to critical applications, and utilize effective detection tools.
Malware-laden Apps
How many apps do you have loaded on your phone right now? If you’re like most people, probably too many to count. We use apps in business, for our personal data, and even for entertainment. And, since virtually everyone uses apps, it is a popular target for cyber criminals to compromise for nefarious purposes.
The bad guys create enticing apps that are loaded with dangerous malware. Although app stores try to keep these compromised apps off the shelf, they do get through. Hackers then market them to unsuspecting users for download.
When a user installs a bad app, their device is infected with malware. The malicious software can perform any number of actions. The hacker could take control of your device, access and export your data, or crash your device. The result of an innocent download can be hugely impactful.
Be selective when downloading a new app. Bad apps have been found in the Apples iOS Store, Google Play, and other official app stores. Research any new app and read through the reviews and ratings. Look at the background of the app developer. The more you know about the app you are downloading, the safer you will be from downloading a malware-laden app.
Malicious QR codes
You can find QR (Quick Response) codes everywhere. They are often used in advertising, retail, food service, and more. I attended a live theater event recently where the cast bios were accessed via a QR code instead of a paper program. There’s even a QR code jigsaw puzzle. QR codes are a very convenient way to share a lot of information in a small space. However, they are also a security risk.
Although those little black barcode-like squares may look confusing, it is quite simple to create a QR code. Anyone can create one online in seconds using a QR code generator tool. Although a QR code made for legitimate purposes cannot be hacked, QR codes can certainly be created for malicious purposes.
A cyber criminal can create a bad QR code and market it to victims. Anyone who scans the code can be a victim. Some malicious QR codes may lead to a phishing attack, or load malware to the device, or send the victim to a potentially harmful website.
Take precautions when scanning QR codes. Be suspicious and never give personal or login information on the pages they direct you to unless the code is from an extremely trusted source. Many times, when you scan the code, it will show you the url before directing you to it. Examine the url closely to determine if it is legitimate. Lastly, use a good QR code scanner that checks for malicious content before opening.
Public WiFi
In our mobile society, we are constantly connected. We browse YouTube on our phones in airport lounges, open our laptops to check on work at our local coffee shop, or do a little online shopping on our tablets while in the waiting room.
If you’re doing this on a public WiFi network without any protections, you are putting your device at serious risk. Basically, your device, and all of its data, is now in the same digital playground as everyone else online. It is quite easy for even a casual hacker to see what you’re doing, and access or export your data.
When connecting to public WiFi, use a VPN (Virtual Private Network) to protect your data. The VPN will give you a secure connection and encrypt your data. If you can’t use a VPN, we recommend using a personal hotspot that is password-protected and locked down rather than connecting to public WiFi.
Get Help to Defend Against Cyber Attacks
It is challenging to stay on top of the changing landscape of cyberthreats. Partner with your internal IT team or your IT service provider to stay abreast of new developments and plan for safeguards. A managed IT services provider like Daystar is focused on preventing data breaches and can help with proactive cybersecurity measures, comprehensive data backup solutions, and compliance needs.
Keeping your employees’ educated on new cyber threats and safe cyber practices is also a key way you can protect your business. Daystar performs regular, online cybersecurity training for all client users to help them learn how to identify a cyber attack and avoid being a victim.
To learn more about our managed IT services and how it can help protect your business from cyber threats, schedule an introductory security call today.
To read more of our posts on cybersecurity, visit our online Learning Center.
Daystar is a managed IT service provider and business technology integrator providing outsourced IT support and strategic planning to businesses and organizations in New Hampshire, Maine, and Massachusetts.
