LACNIC CSIRT Offers Recommendations in Light of Increase in Cybercrime
In light of the recent increase in cybercrime, LACNIC’s Computer Security Incident Response Team (LACNIC CSIRT) has highlighted a series of recommendations for Internet users and organizations.
Cybercriminals have taken advantage of the growth of Internet traffic during the pandemic. A recent compilation of cyber fraud reports shows that ransomware attacks have intensified. Ransomware is a malicious application that infects a single computer or a computer network and encrypts certain files which can only be decrypted once a ransom is paid in exchange for the encryption key. These reports also show that ransom paid by victims has increased by more than 300%
The data — which was taken from sources external to LACNIC* — shows that phishing (identity theft) increased by 100% worldwide over the past year. This increase includes the creation of domain names purportedly offering information on the COVID-19 pandemic, treatments for its cure, or selling masks that would never reach their destination, and has coincided with new phishing campaigns and attempted fraud against financial institutions.
With this in mind, LACNIC CSIRT strives to keep its community up to date on the most widespread forms of fraud and has drawn up a series of recommendations to reduce the risk of computer fraud.
Records show that the most common form of attack is via email. Most fraud attempts use an email attachment or an email containing a link to a malicious website, and often prey on the victim’s sense of urgency (a malicious email might say, for example, that the user’s account will be blocked or that they will lose their information).
Avoid following links to unknown websites or clicking on links suggested by someone you don’t know. Check the URL you wish to visit.
Be careful if you receive a message asking you to urgently provide personal information.
Keep your systems up to date and your backups current.
Look for information on official websites.
Regularly change your passwords and avoid using the same password to access different websites/applications.
Always check the source and never provide personal information or documents.
On your toes. The experts at LACNIC CSIRT recommend not opening links to unknown websites, links suggested by strangers, or links displayed in pop-up windows. They also stress the importance of verifying any URL (web address) a user wishes to access. If it seems suspicious or if the user is unfamiliar with the website, they should attempt to type the URL directly in their browser’s navigation bar.
The experts also suggest not opening any links (URLs) that offer miraculous products to prevent the spread of COVID-19 or immunity against the virus, as many of these are malicious sites.
In addition, they warn against messages urgently requesting personal information, as no legitimate website will ask its users to enter confidential personal information this way. Consequently, users should never provide personal information in response to such messages.
For LACNIC CSIRT it is essential that users keep their systems up-to-date and their backups current, regularly change their passwords, and avoid using the same password to login to different systems.
If affected, users should report the problem as soon as possible to the institution involved. They can also file a complaint with one of the region’s CSIRTs. A list of CSIRTs is available here.