This month is National Cyber Security Awareness Month. Each week within October will take on a different theme, with this week's being 'Mobile'. So, with that in mind, we thought we'd prepare some tips to help keep your smartphone safe.
Top 5 threat protection best practices
Trend Micro predicts that there may be as many as a million Android malware threats by the end of 2014. What's going on here? Make no mistake about it, there are REAL ANDROID MALWARE PROBLEMS. Part of it is that Android is being targeted because it's extremely popular. The research company Canalys found that Android is running on 59.5 percent of all smart mobile devices that were shipped in the first quarter of 2013.
YES, YOUR SMARTPHONE CAMERA CAN BE USED TO SPY ON YOU...
Yes, smartphone cameras can be used to spy on you - if you're not careful. A researcher claims to have written an Android app that takes photos and videos using a smartphone camera, even while the screen is turned off - a pretty handy tool for a spy or a creepy stalker.
Free Security Scans - Find threats your antivirus missed
Malware is complex, seemingly everywhere and is often difficult to stop. It knows how to find your data, even on your mobile device and Mac. You can't ignore the safety of your devices any longer: you need to recognize and stop these threats before they do MORE harm.
MALWARE ATTACKS ON ANDROID DEVICES SEE 600% INCREASE IN 2016 / 2017
Malware targeting the Android platform is exploding, with a 600 percent increase in just the past 12 months. That statistic is among the findings of a new study--Mobile Security Threat Report--unveiled last week at the Mobile World Congress in Barcelona, Spain.
Kaspersky Lab has picked up on a large-scale distribution campaign of the infamous mobile banking Trojan, Asacub.
Researchers at the company estimate Asacub is reaching 40 thousand individuals each day. Although the Trojan is primarily aimed at Russian users, it has also hit users in many other countries, including Germany, Belarus, Poland, Armenia, Kazakhstan and the US.
According to Kaspersky, Asacub was discovered in 2015, and has evolved over the years. Its earlier iterations were closer to spyware than banking malware. They could steal all incoming SMS messages, irrespective of the sender, and upload them to the intruders' server. The functionality of the latest Asacub modifications helps attackers gain remote control of infected devices and steal banking data.
Over the last year, Asacub authors have been upping their efforts and conducting large scale campaigns for its dissemination, to the point that it has held the leading position among mobile banking Trojans for the past twelve months.
Researchers say the reason behind its continued sustainability is that the domains of its command server change, and there are disposable phishing links for downloading the Trojan.
How it works
Asacub is distributed through phishing SMS messages, which invite victims to view a photo or MMS message. If the victim's device settings permit installations from unknown sources, Asacub is able to install itself on the target device as the default SMS application.
In this way, when a new SMS message arrives, it can transmit the sender's number and message text to the intruders' command server. Asacub can withdraw funds from a bank card attached to the phone by sending SMS messages for transferring funds to another card or phone number, and it can intercept SMS messages from a bank containing one-time passwords.
Tatyana Shishkova, malware analyst at Kaspersky Lab, says the Asacub Trojan highlights how mobile malware can function for several years with minimal changes to its distribution pattern.
"One of the main reasons for this is that the human factor can be leveraged through social engineering: SMS messages look like they are meant for a certain user, so victims unconsciously click on fraudulent links. In addition, with regular change of domains from which the Trojan is distributed, catching it requires heuristic methods of detection," she adds.
Better than cure
Kaspersky advises users to follow several steps to avoid getting infected with mobile banking malware:
Only download applications that are from official resources;
If possible, disable the installation of applications from third-party sources in smartphone settings;
Never click on links from suspicious or unknown senders;
Install a reliable security solution to protect mobile devices.
Cybercriminals have created various methods to trick people into downloading viruses or malware onto their laptops, tablets, and smartphones.
The latest form is smishing, another tool used by cybercriminals to obtain personally identifiable information and steal identities by infecting your smartphone through texts or an SMS message. The software’s malicious intent comes in the form of viruses, ransomware, spyware or adware.
The term “smishing” is a mashup of SMS (short message service) and phishing, which is when fraudsters utilize malware by sending emails which mimic a trustworthy source such as a credit card company, financial institution or retailer. Unsuspecting consumers mistakenly open the email and click on the links, allowing the malware to be activated.
When people click on the links, the fraudsters can trick them into sharing their password, credit card numbers or other personally identifiable information such as Social Security numbers.
Now growing in popularity, fraudsters often deploy smishing because too many people are unaware of this new type of fraud and trust text messages more than the emails they receive.
The fraudsters are following a similar strategy when it comes to phishing and rely on social engineering to get more people to give out their personal information. The smisher wants to obtain passwords, credit card information or your Social Security number to sell them on the darknet, a.k.a. the dark web.
If fraudsters are able to obtain your personal information, they can steal your identity and apply for credit cards and loans while pretending to be you, which can greatly affect your credit score.
Some smishers have deployed a tactic of telling people that if they fail to click on the link and provide their personal information, the company they’re pretending to be will start charging daily for the service. These fraudsters will attempt to fool you into thinking they are a legitimate source you would normally use or trust.
Ignore all messages that seem bizarre or are from companies where you did not sign up for text alerts.
How to Prevent Smishing
These two words will help you avoid smishing attacks: Delete and block.
Just like emails, don’t reply to texts from people who are not in your address book. There are too many incidences of fraud and the headaches of identity theft are not worth it.
When a text message or SMS comes from a number such as “8000” and does not resemble a standard phone number, skip it. Those are simply emails that are sent to a smartphone.
As more and more people share links from articles, videos or social media, it is easy to just click on a link. Skip the ones from people you do not know. If the link looks suspicious or out of character to be coming from that particular friend, ask them if they sent it.
Protecting Yourself From Identity Theft
If you communicate through your mobile device frequently or use it to watch videos or movies, consider adding a VPN to your phone. A VPN is a virtual private network and prevents fraudsters from seeing your activity on the Internet.
VPNs can be used on a person’s mobile device, laptop or computer and are useful when you are accessing the Internet from a public network at an airport, retailer or hotel.
The risk of using public WiFi is high because criminals routinely intercept people’s sensitive and personal data as they are paying bills or shopping. The public networks are being watched by hackers so they can steal passwords and identities and install malware.
Adding a VPN will shield both your activity and personally identifiable information. While some VPNs are free, others can be purchased, but people should conduct due diligence before downloading one.
Since smishing is occurring more frequently, it is good practice to check your credit report on a regular basis to see if a fraudster tried to open a new credit card or another account in your name. Consumers can obtain one free credit report from Experian, Equifax and TransUnion every 12 months at AnnualCreditReport.com. You can also get a free copy of your Experian credit report and dispute anything inaccurate on it at Experian.com.
Cybercriminals keen to exploit the cryptocurrency boom are increasingly attempting to infect mobile devices with cryptocurrency-mining malware -- and they're even using the official Android app store to do so.
Researchers at Kaspersky Lab have uncovered multiple malicious cryptocurrency-mining applications being distributed via the Google Play store, with the miners posing as games, sports streaming apps, and VPNs. Some of these have been downloaded more than 100,000 times.
While the applications appear to provide legitimate functions, their real purpose is to secretly use the CPU power of the device to mine the cryptocurrency Monero.
Illicit cryptocurrency-mining has grown in popularity this year and, while mobile devices have far less power than a PC for illicit mining, there are billions of smartphones around the world and they're an easy target for attackers. That's especially the case given how easily users can install apps.
"Cybercriminals are banking on compensating for smartphones' poor performance and mobile miners' easy detection through the sheer number of handheld devices out there and their high infectibility," said Roman Unuchek, security researcher at Kaspersky Lab.
Researchers found the most common mining apps to be connected with soccer, with a Portuguese-language match-streaming app being one of the most commonly downloaded. The app fulfils its advertised function of allowing users to watch broadcast football matches, while also discreetly mining in the background.
A common tactic applied by the attackers is to hide a Coinhive JavaScript miner within the malicious apps. When the users launch a broadcast, the app opens an HTML file with an embedded JavaScript miner, which converts the streamer's CPU power into a tool for mining Monero.
Researchers say the soccer-streaming miner was distributed via Google Play and downloaded by over 100,000 users, mostly based in Brazil.
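As an added example (not from the original article or from Kaspersky Lab): a defender-side static check, in Python, for the packaging described above, where an HTML or JavaScript file bundled in the app references the Coinhive miner. It treats the APK as a ZIP archive; the marker list, the size cap and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Byte patterns for the Coinhive in-browser miner: its script file name and the
# constructors from its public embed snippet. Illustrative, not exhaustive.
MINER_MARKERS = [
    re.compile(rb"coinhive(?:\.min)?\.js", re.IGNORECASE),
    re.compile(rb"CoinHive\.(?:Anonymous|User)\s*\(", re.IGNORECASE),
]
WEB_SUFFIXES = (".html", ".htm", ".js")  # bundled web content only
MAX_MEMBER_BYTES = 5 * 1024 * 1024       # assumed cap; bounds decompression


def scan_apk(apk_bytes):
    """Return {archive member: [matched marker text, ...]} for bundled web
    files that reference the miner. Raises ValueError if not a ZIP archive."""
    try:
        apk = zipfile.ZipFile(io.BytesIO(apk_bytes))
    except zipfile.BadZipFile as exc:
        raise ValueError("input is not a ZIP/APK archive") from exc

    findings = {}
    with apk:
        for info in apk.infolist():
            if not info.filename.lower().endswith(WEB_SUFFIXES):
                continue
            # Read at most the cap, whatever size the header declares.
            with apk.open(info) as member:
                data = member.read(MAX_MEMBER_BYTES)
            hits = []
            for marker in MINER_MARKERS:
                match = marker.search(data)
                if match:
                    hits.append(match.group(0).decode("ascii", "replace"))
            if hits:
                findings[info.filename] = hits
    return findings


def build_sample_apk():
    """Constructed sample: a streaming-style app whose player page embeds the
    miner, plus files that must not be flagged."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as apk:
        apk.writestr("AndroidManifest.xml", b"<manifest/>")
        apk.writestr(
            "assets/player.html",
            b"<html><body><video src='stream.m3u8'></video>"
            b"<script src='coinhive.min.js'></script>"
            b"<script>var m = new CoinHive.Anonymous('CONSTRUCTED-KEY');"
            b"</script></body></html>",
        )
        apk.writestr("assets/about.html", b"<html><body>About</body></html>")
        # Not a web file, so it is outside the scan even though it has the name.
        apk.writestr("res/raw/notes.txt", b"mentions coinhive.min.js in text")
    return buf.getvalue()


def build_clean_apk():
    """Constructed sample with web content and no miner reference."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("assets/index.html", b"<html><body>Scores</body></html>")
    return buf.getvalue()


if __name__ == "__main__":
    for member, hits in scan_apk(build_sample_apk()).items():
        print(f"{member}: {', '.join(hits)}")
```

A match here is a triage signal for closer review; content the app loads from the network at runtime is outside what a scan of the package can see.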
Another popular means of distributing miners via seemingly legitimate apps is to embed it within applications used to provide VPN connections.
Researchers found that a cryptocurrency mining app called Vilny.net has been downloaded over 50,000 times, mostly in Ukraine and Russia.
Those behind Vilny have tailored the app to monitor the battery charge and temperature of the device, allowing the attackers to control the CPU usage to avoid the high temperature associated with extensive battery use -- in order to ensure the user doesn't notice any suspicious activity and connect it with the app.
Other apps weren't as advanced, simply posing as games and other popular programs while secretly mining cryptocurrency. Some also duped the users twice, by also showing the users ads which don't go away until they're clicked -- providing the attackers with another source of revenue.
The majority of these simple cryptocurrency miners were distributed via third-party sites, although one called Zombie Fun was found in the Play Store.
It all points to how the threat actors behind malicious mining apps are upping their game in order to deceive people into acquiring cryptocurrency for them.
"Authors of malicious miners are expanding their resources and developing their tactics and approach to perform more effective cryptocurrency mining," said Unuchek.
"They are now using legitimate thematic applications with mining capacities to feed their greed. As such, they are able to capitalise on each user twice -- firstly via an ad display, and secondly via discreet cryptomining."
Kaspersky Lab informed Google of the malicious apps, which have now been removed from the Play Store. ZDNet has attempted to contact Google for comment, but hasn't received a response at the time of publication.
In order to ensure their smartphone doesn't become infected with a cryptocurrency miner, users should only install trusted apps and keep their device up to date in order to reduce the risk of an attack.
Nonetheless, the sheer number of mobile devices available for criminals to potentially target means they'll remain a popular outlet for cryptocurrency mining for the time being.
What is malware? Everything you need to know about viruses, trojans and malicious software
Cyber attacks and malware are one of the biggest threats on the internet. Learn about the different types of malware - and how to avoid falling victim to attacks.
What is malware?
Malware is shorthand for 'malicious software'. It is software developed by cyber attackers with the intention of gaining access or causing damage to a computer or network, often while the victim remains oblivious to the fact there's been a compromise. A common alternative description of malware is 'computer virus' - although there are big differences between these types of malicious programs.
What was the first computer virus?
The origins of the first computer virus are hotly debated: for some, the first instance of a computer virus - software which moves from host to host without input from an active user - was Creeper, which first appeared in the early 1970s, ten years before the actual term 'computer virus' was coined by American computer scientist Professor Leonard M. Adleman.
Creeper ran on the Tenex operating system used throughout ARPANET -- the Advanced Research Projects Agency Network -- and jumped from one system to another, displaying a message of "I'M THE CREEPER : CATCH ME IF YOU CAN" on infected machines, before transferring itself to another machine. For the most part, when it found a new machine, it removed itself from the previous computer, meaning it wasn't capable of spreading to multiple computers at once.
While Creeper wasn't created for malicious purposes or performing any activity beyond causing mild annoyance, it was arguably the first example of software operating in this way.
Shortly afterwards, a new form of software was created to operate in a similar way - but with the aim of removing Creeper. It was called Reaper.
Alternatively, some believe the title of the first computer virus should go to one called Brain, because unlike Creeper it could self-replicate without the need to remove itself from a previous system first - something which many forms of malicious code now do.
The Morris Worm holds the notorious distinction of the first computer worm to gain mainstream media attention - because within hours of being connected to the early internet, it had infected thousands of computers. The damage of the lost productivity is estimated to have cost between $100,000 and $10,000,000.
Like Brain and Creeper before it, the Morris worm isn't classed as malware because it is another example of an experiment gone wrong.
The software was designed to try to find out the size of the burgeoning internet with a series of scans in 1988, but mistakes in the code led to it running unintended denial of service operations - sometimes multiple times on the same machine, rendering some computers so slow they became useless.
As a result of the Morris Worm, the internet was briefly segmented for several days in order to prevent further spread and clean up networks.
What is the history of malware?
While Creeper, Brain and Morris are early examples of viruses, they were never malware in the truest sense.
Malware and the malicious code behind it is designed specifically to cause damage and problems on computer systems, while those described above found themselves causing issues by accident - although the results were still damaging.
With the birth of the web and the ability to connect to computers around the globe, the early 90s saw internet businesses take off as people looked to provide goods and services using this new technology.
However, as with any other form of new technology, there were those who looked to abuse it for the purposes of making money - or in many cases, just to cause trouble.
In addition to being able to spread via discs - both floppy and CD-ROM varieties - the increased proliferation of personal email allowed attackers to spread malware and viruses via email attachments - especially potent against those without any sort of malware protection.
Various forms of malicious software caused trouble for the computer users of the 1990s, performing actions ranging from deleting data and corrupting hard drives, to just annoying victims by playing sounds or putting ridiculous messages on their machines.
Some of the attacks may have looked simple, but it was these which laid down the foundations for malware as we know it today - and all the damage it has caused around the world.
What are the different types of malware?
Like traditional software, malware has evolved over the years and comes equipped with different functions depending on the goals of the developer.
At its core, a computer virus is a form of software or code which is able to copy itself onto computers. The name has become associated with additionally performing malicious tasks, such as corrupting or destroying data.
While malicious software has evolved to become far more diverse than just computer viruses - there are still some forms of traditional viruses - like the 15 year old Conficker worm - which can still cause problems for older systems. Malware, on the other hand, is designed to provide the attackers with many more malicious tools.
What is trojan malware?
One of the most common forms of malware - the Trojan horse - is a form of malicious software which often disguises itself as a legitimate tool which tricks the user into installing it so it can carry out its malicious goals.
Its name of course comes from the tale of ancient Troy, with the Greeks hidden inside a giant wooden horse which they claimed was a gift to the city of Troy. Once the horse was inside the city walls, a small team of Greeks emerged from inside the giant wooden horse and took the city.
Once installed on the system, depending on its capabilities a Trojan can then potentially access and capture everything - logins and passwords, keystrokes, screenshots, system information, banking details and more - and secretly send it all to the attackers. Sometimes a Trojan can even allow attackers to modify data or turn off anti-malware protection.
The power of Trojan horses makes it a useful tool for everyone from solo hackers, to criminal gangs to state-sponsored operations engaging in full-scale espionage.
What is spyware?
Spyware is software which monitors the actions that are carried out on a PC or other device. That might include web browsing history, apps used or messages sent. Spyware might arrive as trojan malware or may be downloaded onto devices in other ways.
In some cases, spyware is actively sold as software, designed for purposes such as parents monitoring their child's internet use and is designed to explicitly be ignored by antivirus and security software. However, there are various instances of such tools being used by employers to spy on the activity of employees and people using spyware to spy on their spouses.
What is ransomware?
While some forms of malware rely on being subtle and remaining hidden for as long as possible, that isn't the case for ransomware.
Often delivered via a malicious attachment or link in a phishing email, ransomware encrypts the infected system, locking the user out until they pay a ransom - delivered in bitcoin or other cryptocurrency - in order to get their files back.
Wiper malware has one simple goal: to completely destroy or erase all data from the targeted computer or network. The wiping could take place after the attackers have secretly removed target data from the network for themselves, or it could be launched with the pure intention of sabotaging the target.
One of the first major forms of wiper malware was Shamoon, which targeted Saudi energy companies with the aim of stealing data then wiping it from the infected machine. More recent instances of wiper attacks include StoneDrill and Mamba, the latter of which doesn't just delete files, but renders the hard drive unusable.
A worm is a form of malware which is designed to spread itself from system to system without action by the users of those systems.
Worms often exploit vulnerabilities in operating systems or software, but are also capable of distributing themselves via email attachments in cases where the worm can gain access to the contact book on an infected machine.
Last year's Wannacry ransomware outbreak infected over 300,000 computers around the world - something it did thanks to the success of worm capabilities which helped it quickly spread through infected networks and onto unpatched systems.
What is adware?
The ultimate goal of many cybercriminals is to make money - and for some, adware is just the way to do it. Adware does exactly what it says on the tin - it's designed to maliciously push adverts onto the user, often in such a way that the only way to get rid of them is to click through to the advert. For the cybercriminals, each click brings about additional revenue.
In most cases, the malicious adverts aren't there to steal data from the victim or cause damage to the device, just sufficiently annoy the user into repeatedly clicking on pop-up windows. However, in the case of mobile devices, this can easily lead to extreme battery drain or render the device unusable due to the influx of pop-up windows taking up the whole screen.
What is a botnet?
A botnet - short for 'robot network' - involves cybercriminals using malware to secretly hijack a network of machines in numbers which can range from a handful to millions of compromised devices. While it is not malware in itself, these networks are usually built by infecting vulnerable devices.
By issuing commands to all of the infected computers in the zombie network, attackers can carry out coordinated large-scale campaigns, including DDoS attacks, which leverage the power of the army of devices to flood a victim with traffic, overwhelming their website or service to such an extent it goes offline.
Botnets are designed to stay quiet to ensure the user is completely oblivious that their machine is under the control of an attacker.
As more devices become connected to the internet, more devices are becoming targets for botnets. The infamous Mirai botnet - which slowed down internet services in late 2016 - was partially powered by Internet of Things devices which could easily be roped into the network thanks to their inherently poor security and lack of malware removal tools.
What is cryptocurrency miner malware?
The high profile of the rise of bitcoin has helped push cryptocurrency into the public eye. In many instances, people aren't even buying it, but are dedicating a portion of the computing power of their computer network or website to mine for it.
While there are plenty of instances of internet users actively engaging in this activity on their terms - it's so popular the demand has helped to push up the price of PC gaming graphics cards - cryptocurrency mining is also being abused by cyber attackers.
There's nothing underhand or illegal about cryptocurrency mining in itself, but in order to acquire as much currency as possible - be it bitcoin, Monero, Ethereum or something else - some cybercriminals are using malware to secretly capture PCs and put them to work in a botnet, all without the victim being aware their PC has been compromised.
Typically, a cryptocurrency miner will deliver malicious code to a target machine with the goal of taking advantage of the computer's processing power to run mining operations in the background.
The problem for the user of the infected system is that their system can be slowed down to almost a complete stop by the miner using big chunks of its processing power - which to the victim looks as if it is happening for no reason.
PCs and Windows servers can be used for cryptocurrency mining, but Internet of Things devices are also popular targets for compromising for the purposes of illicitly acquiring funds. The lack of security and inherently connected nature of many IoT devices makes them attractive targets for cryptocurrency miners - especially as the device in question is likely to have been installed and perhaps even forgotten about.
Analysis by Cisco Talos suggests a single system compromised with a cryptocurrency miner could make 0.28 Monero a day. It might sound like a tiny amount, but an enslaved network of 2000 systems could add the funds up to $568 per day - or over $200,000 a year.
How is malware delivered?
In the past, before the pervasive spread of the World Wide Web, malware and viruses would need to be manually, physically, delivered, via floppy disc or CD-ROM.
In many cases, malware is still delivered by using an external device, although nowadays it is most likely to be delivered by a flash drive or USB stick. There are instances of USB sticks being left in car parks outside targeted organisations, in the hope that someone picks one up out of curiosity and plugs it into a computer connected to the network.
However, more common now is malware that is delivered in a phishing email with payloads distributed as an email attachment.
The quality of the spam email attempts can vary widely - some efforts to deliver malware will involve the attackers using minimal effort, perhaps even sending an email containing nothing but a randomly named attachment.
In this instance, the attackers are hoping to chance on someone naive enough to just go ahead and click on email attachments or links without thinking about it - and that they don't have any sort of malware protection installed.
A slightly more sophisticated form of delivering malware via a phishing email is when attackers send large swathes of messages, claiming a user has won a contest, needs to check their online bank account, missed a delivery, needs to pay taxes or even is required to attend court - and various other messages which upon first viewing may draw the target to instantly react.
For example, if the message has an attachment explaining (falsely) why you're being summoned to court, the user may click on it due to the shock, opening the email attachment - or clicking a link - to get more information. This activates the malware, with the likes of ransomware and trojans often delivered in this way.
However, there are many other ways for malware to spread that do not require action by the end user - through networks and through other software vulnerabilities.
What is fileless malware?
As traditional malware attacks are slowly being slowed by prevention tactics including the use of robust anti-virus or anti-malware systems, and users becoming cautious of unexpected emails and strange attachments, attackers are being forced to find other ways to drop their malicious payloads.
One increasingly common means of this is via the use of fileless malware. Rather than relying on a traditional method of compromise like downloading and executing malicious files on a computer - which can often be detected by anti-virus software solutions - the attacks are delivered in a different way.
This is achieved because the attacks use a system's own trusted system files and services to obtain access to devices and launch nefarious activity - all while remaining undetected because anti-virus doesn't register wrongdoing.
Exploiting the infrastructure of the system in this way allows the attackers to create hidden files and folders or create scripts they can use to compromise systems, connect to networks and eventually command and control servers, providing a means of stealthily conducting activity.
The very nature of fileless malware means not only is it difficult to detect, but difficult to protect against by some forms of antivirus software. But ensuring that systems are patched and up to date, and restricting users from adopting admin privileges, can help.
Do only Windows PCs get malware?
There was a time when many naively believed that it was only Microsoft Windows systems which could fall victim to malware. After all, malware and viruses had concentrated on these, the most common computer systems, while those which used other operating systems were free of its grasp. But while malware still remains a challenge for Windows systems - especially those running older, even obsolete versions of the OS - malware is far from exclusive to Microsoft PCs.
Mac malware
For many years, a myth persisted that Macs were completely immune to malicious infections. Over the course of the 90s there were some forms of malware which did infect Macs, despite primarily being designed for Windows systems. The likes of Concept and Laroux were able to infect Macs using Microsoft Office programs.
However, by the mid-00s, attackers had started building forms of malware specifically designed to target Apple Macs and now, while Windows machines bear the brunt of computer and laptop based malware attacks, Macs are now regular targets for cybercrime.
The rise of smartphones and tablets over the last decade has fundamentally changed our relationship with the internet and technology. But like any form of new technology, criminals soon realised that they could exploit smartphones for their own illicit gain - and these mobile devices not only contain vast amounts of personal information, but can even allow hackers to monitor our location.
If there's a type of malware which can infect computers - be it a trojan, ransomware, or pop-up adware - then criminals have been working on forms of malware built from the ground up which can carry out the same tasks on smartphones.
The amount of data carried on mobile devices makes them an even more valuable target for hackers, particularly if a sophisticated hacking group, or a state-backed espionage operation is looking to compromise a particular target for the purposes of spying.
Unfortunately, many people still don't realise their mobile phone is something which can fall victim to cyber attacks - although they can be protected by good user practice and mobile antivirus software.
What is Android malware?
Android phones suffer the majority of malware attacks on smartphones, with Google's larger share of the mobile market and the open nature of the ecosystem making it an attractive target for cybercriminals.
However, while the Google Play store has been used by hackers to distribute Android malware, more sophisticated campaigns will socially engineer selected targets into downloading malware for the purposes of espionage onto their device.
Can my iPhone become infected by malware?
When it comes to iPhone, the ecosystem is much more heavily protected against malware due to Apple's closed garden approach to applications.
The rush to jump on the IoT bandwagon means that some devices are rushed out with little thought put into cyber security, meaning it remains relatively simple for hackers to infect connected devices, ranging from industrial control systems, to household products to even children's toys.
One of the most common means in which the insecurity of IoT devices is exploited is with malware attacks which secretly infect products and rope them into a botnet.
Devices like routers, smart lighting systems, VCRs, and surveillance cameras can all easily become infected and the eventual damage can be spectacular - as demonstrated by the online chaos caused by the Mirai botnet DDoS attack.
The network of Mirai infected devices consisted largely of IoT products and was so powerful, it brought large swathes of the internet grinding to a halt, slowing down or outright preventing access to a number of popular services.
Just like mobile phones can be turned into surveillance devices by hackers, the same can be said of internet connected cameras in the home. There have already been a number of instances where IoT camera security has been found to be so basic that malware has infected large numbers of devices.
Unlike mobile phones, IoT devices are often plugged in and forgotten about, with the risk that the IoT camera you set up could become easily accessible to outsiders - who could potentially use it to spy on your actions, be it in your workplace, or in your home.
It's especially useful for those involved in the game of geopolitics because currently, unlike the case with conventional weapons, as yet there are no rules or agreements detailing who can and can't be targeted by cyber weapons.
That attribution of attacks remains so difficult also makes cyber espionage a crucial tool for nation-states who want to keep their activities under wraps.
Stuxnet is generally regarded as the first instance of malware designed to spy on and subvert industrial systems and in 2010 it infiltrated Iran's nuclear program, infecting uranium centrifuges and irreparably damaging systems. The attack slowed down Iran's nuclear ambitions for years.
While no state has officially taken credit for the attacks, it's believed Stuxnet was the work of US and Israeli cyber forces.
Since that first instance of publicly reported malware attacks by nation states, cyber warfare has become a tool used by governments around the world. It's widely suspected that nation-state actors were behind attacks against a Ukrainian power plant, but it isn't just physical systems and infrastructure which are targets for cyber warfare.
Some of the most basic cyber security practices can go a long way to protecting systems - and their users - from falling victim to malware.
Simply ensuring software is patched and up to date and all operating system updates are applied as quickly as possible after they're released will help protect users from falling victim to attacks using known exploits.
Time and again, delays in patching have led to organisations falling victim to cyber attacks which could've been prevented if patches had been applied as soon as they were released.
It's also common for cyber espionage campaigns to leverage exploits for which fixes have long existed and still successfully compromise targets - because nobody bothered to apply the patches. The lesson to be learned here is that sometimes it might seem time-consuming and inconvenient to apply patches - especially across a whole network - but it can prove to be an effective barrier against malware.
Installing some form of cyber security software is also a useful means of protecting against many forms of attack. Many vendors will update their programs on a weekly or even daily basis, providing as much protection as possible from malware, should something attempt to break into the system.
For example, visitors to watering hole sites should be protected from attacks, while suspicious or dangerous files received via email can be quarantined.
Teaching users about the dangers of phishing emails or to be wary of what they download and click can help prevent threats from getting to the point of even being downloaded. Users take a lot of criticism from some as a weakness in cyber security, but they can also form the first line of defence against malware attacks.