How much should you spend on online security? A security analyst's perspective
Readers of this article know that a VPN is an indispensable tool for today's digital world. It addresses key challenges faced while surfing online: it protects the data transmitted between the website and the computer, and it helps maintain privacy while that data is in transit. There are other weak points in digital communication that need strengthening.
Although a firewall keeps unwanted visitors out by simply blocking them, criminals and state actors are found bypassing firewalls, which shows that there is a need for other software to maintain online privacy.
The SIM Swap Attack and Analyst
The SIM swap attack has been an eye-opener for many. Key information about the victim is gathered from public sources. The gathered data is then used to convince the mobile operator, after which the mobile operator gives full control of the phone number to the attacker. When the password reset request is sent to the email of the victim, the new information is then sent to the new SIM; this gives the attacker full control of the email account.
A popular forum which was involved in hijacking the online accounts of people conducted a SIM swap attack and exposed the email addresses and passwords of 113,000 users. These users were interested in stealing the information of others and, ironically, ended up giving up theirs.
The reality of those attacks is severe. Details such as date of birth, addresses, and family details are used maliciously to trick companies into assigning a person's telephone number to another handset. This is what starts the attack. Keeping information secure and private is crucial, which is why leakage of personal details to third parties is harmful. Sean Coonce, who works in engineering leadership, was quoted as saying:
“SMS Based 2FA is not enough no matter how many identities you are thinking to protect online upgrading the hardware security (something which the attack has to reach physically). Although Google can authenticate the mobile device security, I would advise you to take a step further.”
Google’s Research and Online Security
The advice is based on one person's bad experience, which chimes with newly published research from Google. The numbers below relate to the common practice of using SMS with recovery phone numbers, and to targeted attacks conducted with techniques such as SIM swaps.
As per Google's research:
“If you’ve signed into your phone or set up a recovery phone number, we can provide a similar level of protection to 2-Step Verification via device-based challenges. We found that an SMS code sent to a recovery phone number helped block 100% of automated bots, 96% of bulk phishing attacks, and 76% of targeted attacks. On-device prompts, a more secure replacement for SMS, helped prevent 100% of automated bots, 99% of bulk phishing attacks, and 90% of targeted attacks.”
The research indicates that phishing attacks are carried out by impersonating colleagues, family members, or government officials. In some cases, victims even reported that Google itself had emailed them, although the search engine giant never did.
The attackers tried man-in-the-middle attacks; they persist for several weeks, prompting users to give up their passwords or the authentication codes sent by SMS. This is why Google recommends that high-risk users enroll in the Advanced Protection Program, which uses hardware 2FA keys.
The only downside is that it requires hardware keys, which are difficult to set up. However, the value of that undoubted extra security depends on individual circumstances.
For those who need to minimize their online appearance, it is enough to use the weaker forms of 2FA. Given the central importance of email accounts in digital lives and in gaining control over online services, buying hardware keys can prove to be the best investment. Just ask someone who didn't and has paid the price by ending up giving up their data.
Online security aids anonymity in this digital age, where almost everything needs to be encrypted. A user who has experienced a privacy breach will be more than happy to stay protected, compared with those who have not yet been hit by a breach, except for those who are vigilant and know how governments and criminals wield data online.