Over the years, new threats in the cybersphere have risen to not only take data but even injure us physically. Granted, technology has transformed our lives. With the arrival of the internet and the concomitant tech advancements (Cryptos, IoT, etc.), life has never been easier. Technology has made it convenient to work remotely, to stay connected with one another, to stay healthy, and many more.
But over time, our reliance on the convenience of the internet has spun a darker side bent on utilizing the system to commit criminal acts. Here are some of the brand-new threats targeting our safety.
Smishing and Phishing
We’ve covered phishing in earlier issues of GADGETS Magazine. Phishing schemes are some of the older tricks in the book, but don’t let your guard down. Reports have indicated a rise in phishing attacks during the pandemic. Additionally, these attacks have been getting more and more elaborate, with cybercriminals having access to more sophisticated methods.
Phishing is an activity where cybercriminals send emails that contain a link directing victims to a fake website. These are usually familiar websites where you typically provide sensitive information such as your bank’s website or your favorite shopping website’s login page. They can get your email address, password, and other login credentials. After gathering your credentials, the criminals will then use the information to access your account on a legitimate website.
Smishing is the same as phishing but this time, attackers are using the SMS protocol to send fraudulent links with worrisome messages to encourage victims to not think twice about the website they’re accessing.
Smishing can actually trick a lot more people since attackers can use third-party apps to spoof the Sender ID. They can pose as your normal Bank message and use that to ask for an OTP or even send you links that contain malware or a phishing website.
We have become so complacent and unsuspecting about SMS threats that we can easily overlook new threats if we’re not careful.
Text spoofing with machines
Similar to Smishing, Text Blast machines are hardware used to spoof the Sender ID and send malicious messages. The difference between this machine and smishing is that the machine sends messages within a specific vicinity regardless of the telco. It’s not as far-reaching as using third-party software, but it can still provide similar damage to gullible victims.
Recently, it was the National Telecommunications Commission (NTC) who sounded the alarm for
these machines, albeit for a different reason. Some machines are able to replicate the emergency notifications reserved for natural disaster warnings. It was a similar machine that produced an “emergency alert” that a certain candidate was about to file his candidacy for the national elections.
The NTC, in an interview with the Philippine Daily Inquirer, declared these devices illegal. However, they were shocked to find how easy it is to access them via e-commerce platforms. Additionally, they are portable and can be used from anywhere and, worse of all, they’re hard to trace as some machines do not need a sim card to work.
Ransomware/Spyware
If there are new threats that are constantly evolving, ransomware is probably it. Cybercriminals often use malware to infiltrate and encrypt your data. After encrypting the data, they’ll ask you to ransom what was encrypted, hence the term ransomware.
Ransomware is continuously evolving, with criminals coding more complicated malware to avoid the
usual detection methods. In 2021 alone, there were a couple of big-time ransomware attacks, including the Colonial Pipeline attack in the US where the attackers hacked an energy pipeline supplying the US east coast. In the end, Colonial Pipeline needed to pay out USD 4.4 million to restore its system.
Now if you think that ransomware attacks only focus on the big guys, you are dead wrong. Groups can attack randomly regardless if you’re loaded or not.
Aside from ransomware which encrypts data, there is also spyware, a malware that infiltrates networks or your personal device with the goal of gathering sensitive data. At the start of 2021, the Solarwinds attacks allowed cybercriminals from Russia to infiltrate several key US agencies and “spy” on their data. It took months before the attacks were discovered. By then, hundreds of private firms and nine crucial federal agencies had been compromised.
Spyware attacks actually occur at a smaller scale than the Solarwinds attack and just gather the victims’ sensitive information. From there they’ll have access to the victims’ bank accounts and other finances, all while being undetected, sometimes for years.
Cryptojacking
Cryptocurrency enthusiasts have not spared from cyberattacks, especially now that prices are skyrocketing. A new type of cyber attack called Cryptojack has been used to steal from victims’
crypto wallets.
But even if you don’t have a crypto wallet, you can still be a victim of cryptojacking, where your PC or device’s performance is hijacked by mining in the background. In essence, they’re transforming your PC into a remote mining rig without your knowledge. Additionally, you won’t get a cent from the attack since the mined crypto will be directed to the attackers.
The only upside is that cryptojacking normally doesn’t damage your PC, but who’s to say that the code used doesn’t have any other malware that can wreck havoc on your device?
GPS tag stalking
If there’s a worrisome trend that seems like it came from George Orwell’s 1984,
this may be it.
When Apple released the AirTag last year, it seemed like it could do no wrong. It was simply a small device that you can inconspicuously attach to your personal belongings so you could track wherever they are. But the biggest GPS tag’s greatest draw also became its most significant threat when cunning criminals repurposed the tracker to stalk victims.
AirTags as well as other GPS tags (like Tile, etc.) have been used by stalkers to track their victims’ every movement. Their inconspicuous nature allows criminals to simply slip them inside a victim’s bag or coat and they never notice it.
Apple has already acted on the issue. iPhone 11, 12, and 13 users can now use precision finding to locate unknown AirTags. They have also warned users that each tag has a unique serial number that can be traced back to the paired device. The company is working with law enforcement to help track down and arrest the criminals responsible for such attacks.
Words by Gabriel Pe. First published in Gadgets Magazine April 2022.