Many people are simply far too lax about online security, with many having no security at all, or at best using free security software that is, in most cases, nothing but "eye candy". Some of the worst offenders are MAC users, living with the mistaken belief that "MACs don't get viruses" - read on and I will explain why that is SO not true...
Many years ago MACs were very expensive and very rare - usually only used in the DTP industry, and then rarely connected to the internet. Due to that rarity, virus and malware writers had no real MAC user-base to target. So they wrote their nasty viruses and trojans exclusively for PCs. This led to the belief (still held by many) that MACs do not need security software because MACs don't get viruses...
While this may have been true 10 years or more ago this is really not true now - because MACs now sell in VAST numbers, and, rather than just sitting in DTP offices, they are now all wi-fi ready, constantly connected to the internet and for many are now "the" trendy item to have.
This has resulted in ratio of PCs/MACs now being very similar - so the virus writers and hackers now target BOTH markets equally...
However, in BOTH markets there are still far too many people that believe "I am not important enough for a hacker to bother with"...
Please, disavow yourself of this belief system immediately - because everyone with an internet connection, or a device with a processor, is a valid target for hackers...
Most of us have a computer or laptop, or tablet or smart phone and hackers love to break into them for some very solid reasons:
- Most of us now have a website, whether for personal or for commercial use - and that web space that hosts your website is VERY VALUABLE to hackers.
They may not even want your website, but rather the computer power of the server it is on, as web servers typically have much faster processing power than a home computer and this power can be used by a hacker to perform complex computations such as those used to “mine” (steal) digital currencies like Bitcoin – or simply to hide his/her identity, whilst he uses a server that is not linked to his name for criminal purposes.
- SPAM !!!
The computing power of your web site's server can also be used to churn out millions of spam emails – again, completely free for the attacker because it is you paying the bills not him. This method of sending bulk spam is now very popular because it is almost impossible to trace it to the hacker - because it all leads back to YOUR account. Spamming generates money for these digital thieves, large amounts of money!
Website owners and hosting companies get to pay the bills for these criminals and when their server/s get black-listed for spamming, money and time has to be invested in cleaning up afterwards.
Another use of this free resource for criminals is to insert links into web pages, to websites selling things – like pharmaceuticals, porn or fake goods. These links may not even be intended to be visible for people to click on (making them harder to spot) – but may be intended only to be visible to search engines, to help the destination websites move up the search rankings. Criminals in this sort of game tend to buy space on thousands of hacked websites from shady criminal "bot-net" operators, rather than build up genuine interest in their products because mostly the products they are selling are either fake, or non-existent - they simply take payments and run - and again they can't be traced because all this criminal activity came from YOUR account.
- A hacked website can be modified to serve up viruses to its visitors
catching vulnerable visitors whose own security on their PC/Mac/etc. wasn’t up to date. Viruses then allow the visitor’s computer to be used for the same purposes – and some others. For example, some viruses will encrypt all your files, and decrypt them only upon payment of a ransom – i.e. “ransomware”. Or they may inject new adverts into every web page you visit, making money for either the sellers of advertising space, or the sellers of the advertised products. Or they may log clicks and key-presses on the computer, and capture valuable passwords by this method – e.g. online banking passwords, or the FTP details to upload files to your website...
Sadly, insecure websites are economically VERY valuable indeed to criminals. Weak passwords, un-updated plugins, etc., provide ways for the crooks to use your computing resources, to make money. The costs of breaking in are less than the revenues they can make – so hacking is a profitable activity.
- Most of us are now able to connect directly from our computer to our bank accounts and make online payments
this should have you demanding security right now - I have seen far too many people have their bank accounts emptied simply because they didn't believe they needed to invest in security for their computers...
I could go on and on... but I don't want to get too wordy. What I do want to do is make everyone who reads this examine their security policy ASAP...
So - as of today - do NOT say “my website’s not interesting to hackers – it’s just small, so I’m fine.” Most website hacking is a completely automated activity. Other hacked websites are running code to try to automate the process of hacking yours, so everyone’s at risk, and everyone needs to keep on their toes.
Here is a glimpse into what I have had to deal with over the last week or so:
- A small company in Mid Wales -
their website was easily hacked because they were still using an old version of Joomla that went past it's "end of life" nearly 2 years ago. Therefore there had been no security patches or updates made in all that time. Once in, the hackers sent out over 200,000 emails per day. The end result being the Data centre took the site offline.
- A larger company in Mid Wales operating 3 businesses and 3 websites -
they were hacked due to their use of multiple un-protected computers - when we cleaned out the malware plus 10,000+ fake shopping pages from EACH of their three websites we then issued new passwords for everything to the client - within an hour of issuing the new passwords the hackers were back in - because the hackers had full control over the client's computers so knew all their logins and were able to see the new passwords as they came in. This was when we realised their computers were compromised and being run by hackers watching every move the client made, on all their devices. End result was several days of work clearing up the mess and our refusal to pass the new paswords on to them until they had secured their computers with stong security software - which did the trick.
- A company operating a franchise in Portugal -
they were hacked due to their use of an un-protected computer and a laptop - again we worked hard to clean out the malware from their website, plus 12,000+ fake shopping pages hackers had upoaded to their website, and again we issued new passwords for everything - and again, within a couple of hours of issuing the new passwords the hackers were back in - again alerting us to the fact that the client's computers were compromised by hackers watching their every move, because the hackers had full control over their computers so knew all their logins and were able to see the new passwords as they came in. End result was several days of work clearing up the mess and refusal to pass the new paswords on to them until they had secured their computers - which again did the trick.
Get Secure and Stay Safe:
For full time permanent protection of your PCs or MACs CMS Wales recommends:
For a quick scan to see if you are already infected, which might then prompt you to go and buy ESET, CMS Wales recommends MalwareBytes which has a free version available and is a very thorough scanner.
Programs CMS Wales CANNOT recommend - due to the number of computers we have had to clean out that were using these products - with the ones we have found allowing most cases of infection at the top:
- AVG Free
- AVAST Free
- Zone Alarm
For full time permanent protection of your Joomla or Wordpress website CMS Wales recommends:
Stay Safe - Practice Safe Hex...