As the Internet grows to be the thing that cannot be separated in every day live, there must be some serious risks to be considered as internet user, a cyber attack to ourselves. It conducts to steal our data, to break our property of devices or information, to gain money from locking our computer. It is our responsibility to educate ourselves and understand the risks and counter measure it.
Malware is a generic term for a program that can self-duplicate and attack computer to steal or harm its content so that the computer loose its capability and integrity. There are many terms or name to distinguish its attack. Trojan takes information and sends it out, keylogger records what we type, worm duplicates itself to occupy the free space of memory and hard disk, spyware watches our computer activity not just recording our typing but it can access camera, microphone, files, and browsing history, even a full access of our computer.
Moreover, there are attack model like rouge that imitates an antivirus program, backdoor opening the door for other malicious attack, botnet takes control of computer to commence a DDoS attack based on guidance of a Command-and-Control server, and then ransomware that is very famous today for locking important files (even the operating system!) and asking ransom to open it.
On the transportation data, man-in-the-middle attack is launched to deflect and record the internet package without knowing. One of the kind is DNS Poisoning, an attack to a DNS for changing the IP Address information of a website. An internet user that try to access the website will be routed to a website that mimic the real one to gain information like usernames and passwords. Another kind of mitm attack is eavesdropping using hotspot that does not protected by encryption system, like WPA2+AES (WiFi Protected Access 2 + Advanced Encryption Standard). It is the highest standard on protecting hotspot access right now by encrypting all the data using AES algorithm, even though it will slow down your WiFi as a bargain for security.
How can we as an internet user, can ensure the safety of ourselves and our data? Ministry of Communication and Informatics Republic of Indonesia makes a lot of campaign to increase the Internet safety awareness as a safety culture to Indonesia internet user. They encourage us for:
- Using antivirus program and update it database routinely as a basic protection. Even though some malware can be invulnerable by using metamorphic methods, still it will be more secure than nothing.
- Changing default username and password of networking devices. Mirai attack is one of successful example for using a database of default password to infiltrate hundreds of thousand IoT devices on ten or more nations. It than used them to attack various websites and recorded as a biggest DDoS attack in history.
- Ensuring using https mode if we must subside our credit card information or other credential. This mode will makes sure that the connection between our devices to the web is encrypted and the security certificate is valid.
- Never opening link or attachment from untrusted email sender. Immediately report to network administration for blocking this kind of email because it can be a phishing email addressing to attack organization.
- Using VPN program if you do not want someone to trace and sniff your browsing habit. Virtual Private Network will hide your IP Address with theirs.
- Using encryption and digital signature if you want to make sure your email is secure and your file is not changed by unauthorized person. There are many email software that support these for free.
- Having a care on spreading your personal data on the social media. Giving your credential as needed and not saving it on online application.
- Backing up your data routinely and always updating on security information or recent cyber attack so you can act decisively based on the information. The NotPetya attack can only be repaired by reformatting the system, so that if you do not have a backup system, you are so doomed…
- Using only trusted and reliable source of applications, not just freeware or shareware from unknown sources.
- Limiting application access to our devices as needed, not a full access one.
Internet service provider has been already trying their best to protect and secure internet access. The Government is also trying hard to make a data protection regime of its citizen by issuing a lot of regulation. However, it will all come back to ourselves as internet user. We must understand the risk to use free services on the internet, because if we do not pay the product actually, we are the product.