Most are aware that some items are more likely than others to have their data compromised. We know we shouldn’t open that email promising us we’ve won millions or to open sensitive information on a public computer, such as at the library.
But as the hackers become smarter and the world more digital, it is worth a look at some of the most common pitfalls for hacking.
File extensions
Many employees receive dozens, if not hundreds, of emails per day, and it is easy to mindlessly open an email attachment without thinking, especially if the email is reportedly from a trusted colleague. But an attachment with a Microsoft Office file could spell trouble if one isn’t careful.
The infamous Office Macro, in which hackers embed harmful code into a Microsoft Office file that is then distributed, is still a problem for many users, experts say.
“It appears that Microsoft Office Word documents and Excel spreadsheets remain the favored attachments,” Hewlett Packard Enterprise’s 2016 Cyber Risk Report reads. “Many businesses use these programs to conduct day-to-day operations, which provides a broad user base for attackers to target.”
While fewer people nowadays will run a program from someone they don’t know, it is still common practice to open a document or attachment from an unknown source, HP says.
Microsoft appears to be working to address the macro problem. In March, the tech giant rolled out a new feature in Office 2016 that can stop macros from loading in high-risk scenarios.
“The enduring appeal for macro-based malware appears to rely on a victim’s likelihood to enable macros,” Microsoft said in a statement. “Previous versions of Office include a warning when opening documents that contain macros, but malware authors have become more resilient in their social engineering tactics, luring users to enable macros in good faith and ending up infected.”
Microsoft isn’t alone in its hacker troubles. While Office has long been on the hit list for hackers, the increasing prevalence of Mac users could put even the seemingly invincible software at risk.
“Usually only Microsoft Office, Adobe PDF, and graphics files are targeted,” McAfee’s 2016 report read. “In 2016 we predict that other file extensions typically found in business environments will also become targets. … We also expect ransomware to start targeting Mac OSX in 2016 due to its growing popularity.”
Many of OS X’s hacking issues stem from potentially unwanted applications that are installed alongside normal apps, allowing malware through. Worst of all, research is showing that even Apple’s famously tough malware protection may not be 100 percent able to stop malware.
“Although the malware protection module Gatekeeper, built into the OS X operating system, is improving with every new release, this year has seen a few successful attacks designed to bypass it,” HP’s report read.
2. ATMs
Although they’ve been around for decades, automated teller machines continue to be a source of vulnerability for users and a source of easy money for hackers. ATM malware is not a new fear, HP says, but a rise in skimmers and other methods of stealing credit card numbers has made ATM-hacking an ever-worsening problem.
“While there’s no definitive answer as to what contributes to the rise of ATM malware, it is likely that an aging ATM fleet plays a significant role. The ease of access to the inner workings of certain ATMs and their locations contribute as well,” HP’s report said.
In addition, low-tech mistakes also seem to play a role. HP noted that many attacked ATMs were located inside convenience stores, many of which are open 24 hours a day and make it easy for hackers to install a skimmer or other device when few people are around to notice.
3. Mobile payment systems
Credit card theft has continued to prove a problem over the years, but the recent increase in people using mobile payment services like ApplePay or Venmo has led to difficulties in keeping sensitive data safe, and will likely continue to do so in 2016.
The Global State of Information annual survey put out by PricewaterhouseCoopers shows that in 2015, 57 percent of survey-takers said they use mobile payment systems, which are already becoming mainstream.
“This shifting environment will likely bring unanticipated cybersecurity threats and broaden the cyberattack vector,” the report reads.
While some who use smartphones to pay for things may feel safe if the payment system uses a token instead of an account number, as PwC says, the future of mobile payments will likely lie in taking the payment service out of the equation, Executive Vice President of Global Payments Guido Sacchi said.
“Uber has essentially made the payment step disappear from the entire user experience,” Sacchi said. The taxi alternative uses a card on file to automatically bill the customer, taking out the middleman of a credit card or an app.
Until more businesses stop relying on login information, Raj Samani of McAfee foresees an uptick in attacks on information, rather than petty cash.
“Given the plethora of payment methods, most of which still require usernames and passwords, credentials have become very valuable,” Samani said. “Payment system cybercriminals will increasingly focus on attacks that lead to the theft and sale of credentials.”
Hackers and security measures are always competing to outsmart the other. Each year, new technologies are developed to access sensitive information and to protect it. While it is unlikely that a foolproof way to deter hackers will ever be developed, it is important for people to be aware of the vulnerabilities they may be opening themselves up to.
