Having reviewed in depth the cybersecurity threats that have been facing consumers worldwide in ReasonLabs’ 2023 State of Consumer Cybersecurity Report, there are some key takeaways that home users need to know when it comes to personal cyber security for their devices.
As with 2021, the top spot for cyber threats in 2022 was once again held by Trojans. Infostealers, coin miners, backdoors, RATS, and spyware round out the top 5 Trojan family detections from the past year.
But what else is new? Let’s focus on the threats to look out for in 2023:
Malicious extensions
Malicious web extensions are becoming more and more prevalent, especially in the United States. 15% of malicious extensions that ReasonLabs detected throughout 2022 came from users in the U.S. Home users must be made aware of the threats certain malicious web extensions can generate e.g. search hijacking and adware.
Search hijacking, or browser hijacking, occurs when a third party sneaks files into your computer and alters your browser’s settings without your permission. These changes help the hijackers make money by forcing you to view ads, click on paid links, or disclose private information. Additionally, having access to the content of all visited websites allows an attacker to steal credit card details, cookies and other sensitive information from the targeted device.
Some warning signs that your browser has been hijacked include: If you are unable to change your home page, and / or if you are having issues removing a toolbar, or changing your search settings.
What Can You Do?
Check your settings – it is recommended to disable extensions that may be malicious, or delete them entirely. We also recommend using software such as ReasonLabs ’Online Security, which protects your device from malicious browser extensions.
Online Piracy
The rise in HackUtilities detections from 4% in 2021 to over 20% in 2022, as well as recent outside research, shows that online piracy is either at or near an all-time high. We have deduced that the reason behind this lies in the fact that home users are resorting more and more to the use of pirated or cracked software and applications, no matter where they are in the world. HackUtilities can cause issues such as high CPU usage, application errors, and possible virus infection.
What Can You Do?
Avoid using cracked software or pirated applications. Only make purchases from legitimate online vendors. Check the dates of the software and license before you run it.
Home Network Vulnerabilities
As businesses improve their cybersecurity practices and adopt next-generation technology, attackers are switching their focus to the home user. This ramping-up of security from businesses makes them harder to attack, so home users are seen as weaker, easier targets. The continuation of the work-from-home employment model has also given attackers a new entry point into the corporate network – often home networks are far less secure and are proving to be a viable new window into corporate networks.
What Can You Do?
If you are working from home, use a VPN such as RAV VPN, that will protect your network privacy. Businesses should also remind employees to be aware of the legitimacy of email addresses and requests for network access, in order to avoid spear phishing or whale phishing attempts.
Ransomware
The 2021 launch of the Ransomware and Digital Extortion Task Force in the United States, along with newly promoted government legislation around companies engaging in ransomware demands, is increasingly forcing attackers to deploy ransomware on home users instead of large corporations. Unfortunately, this trend is likely to continue and plague home users for years to come.
What Can You Do?
Take positive action to employ an Endpoint Detection and Response (EDR) system that can detect and stop ransomware threats. Avoid becoming a victim of ransomware: do not click on suspicious links or attachments, and do not use unverified USB sticks.
The Metaverse
Technologies such as the Metaverse, IoT devices, and more were once thought of as science fiction. Those technologies have now firmly arrived, and brought alongside them next-generation cyber threats, such as the Metaverse attack vector identified by our researchers earlier this year. It’s still unclear where exactly the Metaverse is headed or what it may contain – so the cybersecurity risks in this arena could be far-reaching.
What Can You Do?
Home users must be educated on next-generation threats surrounding these technologies before they test out anything new – be it a VR device, or a nanny-cam teddy bear. Additionally, antivirus providers must update their systems to include protection against these potential vulnerabilities and security holes.
CaaS
Crimeware-as-a-Service or Cybercrime-as-a-Service (CaaS) refers to the practice of providing cyber products and services to other criminals to facilitate large-scale attacks. This ecosystem is on the rise and more CaaS products are emerging daily. These products and services are typically focused on delivering ransomware, malware, phishing threats, and more. Many are extremely easy to use and are being deployed against home users worldwide.
What Can You Do?
As mentioned above, users need to pre-empt cyber threats so that they do not become targets. Make sure the software on your devices is patched and updated regularly in order to avoid security holes.
Phishing
Phishing remains the leading malware distribution method affecting home users and remote employees. Phishing attacks stayed just as prevalent as they were in 2021, and show no sign of slowing down. Whether the delivery method is via email, SMS, or the weaponization of Office Documents, phishing threats continue to torture home users.
What Can You Do?
Phishing education must be brought into the spotlight so home users can better decipher what is a legitimate message or request, and what is a phishing attempt. Signs to watch out for include illegitimate requests for money, requests for personal information, bad grammar and spelling errors, and unlikely URLs.
Cyberwarfare
Cyberwarfare is a key issue affecting home users today. Cyberwarfare is generally thought of as a nation-state attacking a nation-state. However, the consequences often trickle down to average citizens who do not usually engage in war. There have also been increasing reports of the direct targeting of citizens and civilians in cyberwarfare campaigns by nation-states in recent years, including in the United States, Ukraine, and other countries.
What Can You Do?
The most important way you can really protect against cyberwarfare as a home user is to continue to employ all of the best practices mentioned above: an excellent next-gen EDR solution for your device, regular updates and software patches, and education and awareness around phishing tactics.
2FA
The bypassing of Two-Factor Authentication (2FA) continues to rise and is expected to be exploited more and more in the coming years. In fact, getting around 2FA is becoming so prevalent that we predict an upcoming shift in the industry to include three- or even four-factor authentication, instead of just two. Home users must be made aware of these threats and implement as many factors of authentication as they can.
What Can You Do?
Use a Password Manager to securely store and manage all your passwords across multiple sites. With a password manager, you can choose one Master Password that only you have the ‘key’ to – and you will know if any of your passwords are compromised. Password managers also remove the irritation of needing to remember a bunch of different passwords for all your important accounts, as well as keeping your information secure.
Trojans
Last but not least – as mentioned above, Trojanized software continues to be a top threat to home users and remote employees. In 2022, Trojans accounted for 30% of all detections affecting home users.
What Can You Do?
Home users must ensure they are using an excellent next-generation antivirus to detect and protect from emerging threats. AV providers must always be updating their systems to recognize attacks stemming from Trojans and stop them in their tracks.
In some cases, consumers can go on the offensive. In others, defense is our best bet. The important thing is to be aware of what cyber threats you may face so that you can counteract them.
For a more detailed look at the data compiled by the researchers at our Threat Intelligence Center, and an in-depth review of these major threats, you can download the ReasonLabs State of Consumer Cybersecurity 2023 report.
For more information on ReasonLabs and the cybersecurity products mentioned in this article, visit us at: www.reasonlabs.com/