How vulnerable are individuals to cyber attacks?

[eytonxav]

Just thinking about how vulnerable individual users might be. For example, I use CleanMyMac software which is owned by a Ukrainian firm. Might be possible for Russia's cyber forces to go after them and imbed some malevolent code that end customers download. While I like the software and want to show support for Ukraine, I have questioned whether to uninstall this software. I am sure there are probably many other products, even from Russian owned companies that are on many personal computers.

 

[skyking1]

My suggestion is that any program that can automatically update can mess you up, and it does not even require malevolence. I know you said mac but Microsoft has released many 'updates' over the years that broke computers, that they had to scramble to really patch.
If you are not absolutely secure with that source, figure out how to disable it for a time. It may be easy enough to turn off, then turn back on when some of this uncertainty is past.

 

[Qs Laptop]

Just thinking about how vulnerable individual users might be. For example, I use CleanMyMac software which is owned by a Ukrainian firm. Might be possible for Russia's cyber forces to go after them and imbed some malevolent code that end customers download. While I like the software and want to show support for Ukraine, I have questioned whether to uninstall this software. I am sure there are probably many other products, even from Russian owned companies that are on many personal computers.

What interest does a Russian hacker have in accessing your computer?

 

[skyking1]

Seriously? We are the target for most of the malware of the world, and much of it is written in Russia.
Macs are not invulnerable to malware attack, just a little less vulnerable and not the sizeable target that Windows paints on you.

 

[OldShooter]

... We are the target for most of the malware of the world ...

If you mean private individuals, I doubt very much that this is correct.

I think the targets are larger, either for economic gain (ransomware) or for political reasons (Crimea, Nvdia, apparently British Airways this morning). Not that it doesn't happen, but screwing around with individuals would not seem to be cost-effective.

Probably our biggest risk is being infected as part of organizing a Distributed Denial of Service (DDOS) attack.

I have also read that 95% of successful penetrations are via phishing. I don't know the right number, but DW and I are very aware of the risk and very aggressive with suspicious emails.

Bottom line for us is I don't worry too much and do not bother to run 3rd party malware protection tools. YMMV, of course.

 

[skyking1]

I mean the western world in general. It is indeed about the money, but two birds one stone comes to mind. Compromised web servers coupled with lax browser policies by the end user have been a significant vector as well. tightening down your browser goes a long way to securing your computer.
I think the OP's third party tool might be handy, but if it goes out to get updates from a web server, then it does not take much to connect those dots.

 

[OldShooter]

... I think the OP's third party tool might be handy, but if it goes out to get updates from a web server, then it does not take much to connect those dots.

That's the reason I don't use a password manager and I will not even consider Ring or other magic boxes that talk to a mother ship. Those databases have huge payoffs for hackers. Someone who hacks the Ring database can sell individual data including access to live video feeds and, of course, complete information on individual home alarm configurations. Case a house from the comfort of your living room.

 

[Chuckanut]

What interest does a Russian hacker have in accessing your computer?

Look up Botnet.

Botnets are networks of hijacked computer devices used to carry out various scams and cyberattacks. The term “botnet” is formed from the word’s “robot” and “network.” Assembly of a botnet is usually the infiltration stage of a multi-layer scheme. The bots serve as a tool to automate mass attacks, such as data theft, server crashing, and malware distribution.

 

[statsman]

That's the reason I don't use a password manager and I will not even consider Ring or other magic boxes that talk to a mother ship. Those databases have huge payoffs for hackers. Someone who hacks the Ring database can sell individual data including access to live video feeds and, of course, complete information on individual home alarm configurations. Case a house from the comfort of your living room.

Same here.

Bottom line for us is I don't worry too much and do not bother to run 3rd party malware protection tools.

If you mean running 3rd party malware protection continuously, same here also. I will, from time to time, perform a malware check just for the peace of mind.

 

[Markola]

Does the U.S. have a cyber arsenal that could deter or damage, oh, say, Russia? A lot of the internet was invented in the U.S., after all. If we do have cyber weapons, I don’t read much about them.

I have read some snippets that the hacking collective Anonymous is trying to give Russia a headache right now.

 

[eytonxav]

What interest does a Russian hacker have in accessing your computer?

Seriously? There are two threat areas, criminal and then the Russian state that enjoys causing chaos and fear.

 

[Midpack]

There are always two sides to a story, but there are a significant number of Mac experts (not just Apple themselves) who say not only do you not need 3rd party anti-virus software, they can degrade security. Not looking for a debate on the topic, just pointing out there are pros and cons for Mac users. This is just one of several views against...

https://macmost.com/the-practical-g...hen it,your Mac. The answer is very simply NO.

From all that I've read it's pretty hard to fall prey without clicking on something you shouldn't, so we don't click on anything we're not 100% sure of. There are plenty of ways to verify before clicking on a link (incoming email address is often telltale), though hackers have gotten much better since the Nigerian scam - some of the new scams look pretty convincing. And individual users are small prey, though not immune by any means...

 

[OldShooter]

... If we do have cyber weapons, I don’t read much about them. ...

ROFL. And why would you expect to? Did you read much about Stuxnet before it was outed?

 

[Amethyst]

I hadn't seen that statistic, but it stands to reason that an email attachment, that you fool the target into opening themselves, is going to be the easiest way into their machine.

I liken it to inviting the vampire into your house.

I have also read that 95% of successful penetrations are via phishing. I don't know the right number, but DW and I are very aware of the risk and very aggressive with suspicious emails.

 

[jim584672]

Linux user, so not concerned. No one is going to bother since no one uses Linux, not worth the effort to attack it. Even if they did, Linux is not as easy to attack as Windows.

I only use Windows on machines that don't matter, like Media Center type stuff.

 

[easysurfer]

I make regular system and data backups to an external HDD. This way, should something not play nice, I can always restore from not that long ago.

Defensive computing .

 

[Car-Guy]

^^^^^ Me too...

 

[OldShooter]

I make regular system and data backups to an external HDD. This way, should something not play nice, I can always restore from not that long ago. ...

As long as that drive is not left connected after the backup ...

I back up automatically daily to a RAID 1 NAS box, but it is on the network and thus vulnerable to various digital and physical perils. It gets backed up, though not often enough, to a 3tb SATA drive that is kept in my gun safe.

 

[aja8888]

My last name is of Russian descent (actually Lithuanian). The hackers would spare me!

 

[easysurfer]

As long as that drive is not left connected after the backup ...

I back up automatically daily to a RAID 1 NAS box, but it is on the net work and thus vulnerable to various digital and physical perils. It gets backed up, though not often enough, to a 3tb SATA drive that is kept in my gun safe.

I backup daily to an internal drive. Also, do monthly data and quarterly backups to external drives (using hot swap bay). Thus not left connected. Been following this approach for several years.


I can't recall a time when I've needed to restore from the external copies as there hasn't been a time when the internal backups didn't work. Yet, good to know for peace of mind, just in case.

 

[Markola]

ROFL. And why would you expect to? Did you read much about Stuxnet before it was outed?

We hear about the pariah countries’ cyber capacities but not ours. I don’t really need to read about them, I just hope we have them and that Russia and China, et al, know we do.

 

[Time2]

My concern is not my computer but the computers of brokerages that have billions of dollars of our life savings and all our records, and records of the stocks they hold. Add our electrical grid. Nuff said.

 

[Kwirk]

My spam filter seems to say that I'm a bigtime target with more than 50 phishing emails per day. I don't click on any links that I'm not expecting or don't need.

 

[REWahoo]

My spam filter seems to say that I'm a bigtime target with more than 50 phishing emails per day.

Yikes. I average about one a day.

 

[Midpack]

My spam filter seems to say that I'm a bigtime target with more than 50 phishing emails per day. I don't click on any links that I'm not expecting or don't need.

Yikes. I average about one a day.

+1. I average one spam/phish a day or less. Then again I get less than 10 emails a day to begin with.