5 steps to defend against personal cloud hack attacks : Internet Scambusters #907
Not all clouds are in the sky. When it comes to computing, you may have a cloud in your home — and it’s under threat.
And scam threats based on the Coronavirus outbreak also continue to challenge consumers.
We have the latest news on these troubles in this week’s issue.
Let’s get started…
Personal Cloud Disk Drives Face Ransomware Risk + Latest Coronavirus Scams
— Coronavirus Spotlight on Census and Costco Scams
The Coronavirus scammers are still at it! They’ve discovered more new ways of tricking people into either giving them money or letting them into their systems to wreak whatever havoc they care to.
Among the latest Covid scams, we’re seeing them exploiting uncertainties and confusion over the current US Census as a cover for their tricks.
We wrote about Census scams last year (see 2020 Census Scams Have Already Started) but that was pre-Covid-19.
Now the crooks are pretending to be Census workers, claiming they need personal information from victims as part of a Coronavirus data gathering exercise. Emails posing as official inquiries from the US Census Bureau are using the same trick.
The Census doesn’t involve questions about the disease, so if you receive one, ignore it and politely dismiss whoever is at your front door asking it.
You can also safely ignore a fake “Covid-19 stimulus package” from major retailer Costco. The scam comes in an email or text proclaiming “$110 Goodies from Costco.”
Recipients are then asked to click a link to complete a survey, which may then either download malware or steal confidential confirmation.
Costco isn’t offering any such deal. Period.
— Ransomware Threat to Home Cloud Users
Are you in the cloud? That is, uploading or backing files to a remote site? It’s a good way to safeguard your data.
But you can also be “in the cloud” at home. That is, you back up or store to a hard drive that’s actually in your home but is (usually) separately attached to your network rather than sitting inside your PC. And it’s available to everyone on your home network.
This is called network attached storage (NAS). But, because you can usually also access it remotely, that’s to say using your phone or laptop to connect when you’re out and about, it’s often referred to as a home cloud or personal cloud drive.
Because of this great connectivity, NAS systems are also used to store and stream music and videos.
But if you use one of them — as millions of us do — you face an unexpected security risk.
Because the device is connected to your home network and the Internet, it’s vulnerable to hackers and ransomware. And if you don’t think hackers would be interested in your cloud drive, think again. It’s likely got a whole stack of confidential data on it as well as being an entry point to your network.
Experts at anti-virus firm Kaspersky say that the way some NAS systems operate may allow hackers to bypass certain security steps, allowing the crooks to sneak in more easily.
This threat is growing. It was little used back in 2018, but took off last year and, says online tech site ZDNet, a whole range of new ransomware families have emerged especially capable of exploiting NAS security weaknesses.
Malware programs using these tactics almost tripled during the past 12 months, which, says Kaspersky, “signals cybercriminal interest in this type of malware as means of enrichment.”
Most often, the hackers’ main aim is to install ransomware, which locks up access to a computer until a ransom is paid and often beyond that point.
The security firm says the trend is unlikely to fade because it “proves to be very profitable for the attackers, especially due to… users being completely unprepared for them as they consider this technology highly reliable.”
5 Protective Actions
There are several important steps you can take to limit the risk of falling victim to this hack:
- First, as always, ensure your main security software is up to date and regularly runs a full scan (not just a quick scan).
- Ensure that your NAS software is also up to date. This is often overlooked by users. The fact is that most NAS software is frequently updated, sometimes as often as weekly, as new risks are identified.
- Change the default password that often comes with your NAS device. Hackers know them.
- If your NAS comes with its own firewall (which most do) switch it on — though you’ll then likely have to manually let it know who is allowed access.
- Keep a back-up of your data and system elsewhere so that if you do suffer a ransomware attack, you can restore your setup.
Sometimes, managing an NAS can seem like a technical challenge, so it pays to take the time to learn how to use yours effectively and securely. You’ll likely also find many user-friendly forums to help you out.
If all else fails, though, it’s worth considering calling in (and paying for if necessary) professional help to secure your system.
By the way, there are also, of course, security risks associated with using the cloud in the more traditional, off-site way. Check out our previous report at How Safe is Cloud Storage for Your Files?
Time to conclude for today — have a great week!