If you care about the safety of Internet life, ensure all (I mean, all) web access credentials, including your banking apps, have multi-factor authentication enforced.
Cybersecurity researchers and managers are prone to attacks. In short, malicious attackers would want to first have access to the security manager’s device. The reason is that security managers are the custodians of the company’s IT security and network configuration information. Successfully attacking a security manager leaves the company’s entire network vulnerable.
The security software on my desktop computer expired some weeks ago. For some reason, I was unable to renew it immediately, so the signature database became obsolete.
6 weeks later, I renewed my security software, updated its signature database, and conducted a holistic (deep scan, otherwise called a full system scan). The security software reported it found a threat, analysed the threat, and pointed me to the fact that the threat (Trojan) was a keylogger.
A keylogger is a malicious malware authored by hackers. They usually embed it as a script in some vulnerable websites. When the site visitor clicks links on the website, the script gets downloaded and installs itself in stealth mode on the target device.
Once it has become resident in your device, it captures all your keyboard strokes. It could capture and record all the keystrokes made on your device, and the log is transferred to the malicious attacker once there’s an Internet connection.
Now, you see, the attacker can access all your web service login credentials.
How he will succeed in attacking you depends on the level of your compliance with implementing adequate security measures.
My Recommendation:
1. Implement multifactor authentication (2-way authentication) across all your web services.
2. For Facebook users, avoid logging in to Facebook via a web browser and use the app.
3. To harden your security, use the Authenticator app to add an extra security layer to your security arsenal (don’t rely on your own SMS OTP alone).
On this particular day, I saw several OTPs coming to my phone requesting authentication that I didn’t initiate. Although I was not bothered because I have effectively implemented multifactor authentication across all my web services, it is now clear to me that the hacker had successfully captured my login access information for that web service, but bypassing the authentication poses a challenge to him. When I noticed that, I quickly changed my login details for that service.
Be safe.
Destiny Young
Cybersecurity Leader
