Month: March 2018

A look at some of the current and emerging tech that will impact on cybersecurity, for better or for worse.

The changing nature of cybersecurity

(Image credit: Shutterstock)

It’s not just the best VPNs that are changing privacy and security online. With technology having come to dictate our global economy, it’s important to consider how it’s going to develop in the coming years. That’s especially the case in cybersecurity, which protects us from the multitude of dangers that new technologies pose. 

It’s a rapidly evolving landscape, and there are more technologies out there that will change the face of cybersecurity than we have time to learn about. 

So, to get you up to speed we’ve put together a list of the 10 most important technologies that are changing the face of cybersecurity forever.

Securing your digital lifestyle doesn’t have to be a tedious or expensive process. You can achieve that in the next 60 seconds by downloading a trial of CyberGhost VPN here, risk-free.

1. Cloud computing

(Image credit: Future)

We should all be familiar with the cloud. It’s the ubiquitous yet nebulous data storage alternative that companies can’t seem to get enough of, even if they’re bad at keeping the information in it secure. 

Because the cloud uses remote servers to store files that are often confidential, it’s going to have an impact on the way we approach cybersecurity. Right now there are some impeccable efforts being made in terms of local encryption; cloud storage encryption, on the other hand, still has a ways to go. 

For many years now the industry standard has been to encrypt all cloud data with 256-Bit AES encryption. In early 2023 Amazon S3 confirmed that moving forward all cloud data will be encrypted by default. 

But there’s a flaw in this approach: if a bad actor can access the part of the cloud where those encryption keys (sometimes called PMK or ‘Platform Managed Keys’) are stored, your data is at risk. 

That’s why providers like Google Cloud and Azure offer advanced client-side encryption : in other words data in the cloud can be encrypted using a hardware or software key management system on the user’s end. This means not even the cloud provider can read your data. This is sometimes known as BYOK (Bring your Own Key) and promises a much higher degree of security. 

This in turn has led to an explosion in the number of KMS (Key Management Solutions) offering to protect your cloud passwords such as Egnyte. Proceed with caution.  

2. The internet of things

(Image credit: Future)

Ransomware is an increasingly prevalent type of malicious software (malware) that will typically lock your computer or files, with the creator offering to unlock them in exchange for money. Ransomware is a very real threat.

It’s a growing problem in the context of the internet of things (IoT), where vulnerabilities are only now beginning to become apparent. Smart home devices, which can include everything from refrigerators to thermostats, are very easy targets for ransomware and other attacks right now, and it’s an area where the cybersecurity industry will be focusing its efforts in 2023.

As of the end of 2022 there were some 17 billion IoT devices in the world. According to Microsoft’s 2022 Defense Report, IoT devices are a key entry point for many attacks: 

“While the security of IT hardware and software has strengthened in recent years, the security of Internet of Things (IoT) … has not kept pace,”

Some flaws are easily fixed: for instance many IoT devices use simple hardwired passwords to make for an easy setup. These could be made stronger and randomised by the manufacturer. People running multiple IoT devices could also have more support in segmenting different parts of their home network, so for instance, a bad actor who hacks into your “smart” home doorbell won’t also be able to access your smart thermostat. 

With hope 2023 will be the year that the cybersecurity industry develops a universal set of standards for IoT devices introducing measures like these. 

3. Cryptocurrencies

(Image credit: Future)

Everyone from celebrities to startups to celebrity startups is trying to position themselves to profit from the cryptocurrency craze, and it’s not hard to see why. 

Mining virtual currencies such as Bitcoin and Ethereum has created such a high demand for the best graphics cards that games and others who want them for conventional purposes are struggling to get their hands on them. 

Although graphics cards often sell for way over the manufacturers’ retail prices, throughout 2022 the GPU shortage has gone down and graphics cards now cost more reasonable amounts.

This may be a reflection of recent events such as the collapse of FTX, which reveals that some of the issues reflecting newly-minted crypto-exchanges are the same as those of old : accumulating vast amounts of digital wealth simply increases the chance every day that they’ll be a victim of an online heist. There’s no quick and easy technological solution to this : it’s down to each user to keep their crypto-assets in an exchange only as long as it is necessary to purchase them and transfer them to a safe place.

The gold standard for keeping your crypto-assets safe is a hardware wallet from a trusted provider. If you don’t already have one, check our guide on the very best hardware wallets. 

4. Machine learning

(Image credit: Future)

Commonly confused with AI, or artificial intelligence (which we’ll talk about later), machine learning is the idea that computers and systems can become capable of learning on their own, without programmer input. For more information, see our guide What is machine learning and how it differs to AI..

Organizations from NASA to Google are trying to get a jump on machine learning. It’s used to help power Uber’s dynamic pricing model, as well as help them calculate how long journeys will take and where to send drivers. 

In terms of cybersecurity, machine learning is being researched for use in e-mail monitoring to prevent phishing and credit card fraud. This involves the software training itself to recognise spam emails, some of which can look extremely authentic as they steal images and templates from legitimate companies. 

Machine learning also has exciting applications for malware monitoring :while conventional antivirus programs simply match suspicious apps against a known database of threats, ML algorithms could be developed to spot them in general based on their size, behaviour and so on. 

5. Biometrics

We have multi-step verification on nearly all of our accounts now, from our bank accounts to social media. What we need more of is hardware authentication that does away with the generic password solution – passwords can be easily guessed by the aforementioned machine learning software. 

Microsoft and Apple have made great strides in biometric log-in technology: Microsoft has Windows Hello in Windows 11, which can be configured to log you into your computer or tablet by facial recognition or by Apple’s “Touch ID” fingerprint scan. Mobile devices from the iPhone X onwards have also introduced Face ID. Models from the iPhone 12 and later even support Face ID whilst wearing a mask.

None of the solutions out there at the moment are perfect though. Face ID security has been foiled in the past by similar looking people such as twins. In 2017 Vietnamese Security Company Bkav also managed to fool Face ID with a cheap mask. Still, this involved taking multiple pictures of the real iPhone owner from various angles and 3D-printing a mask. A thief would also need to stop the real owner from simply remotely locking the iPhone over the Internet before it went missing.

In 2021 cybersecurity researchers also managed to bypass Windows Hello by impersonating a privileged user account. This bug has now been fixed in Windows 10 and 11. 

Still, until we start adopting hardware authentication that doesn’t require a backup password, cybersecurity organizations have their work cut out for them.

6. Remote browsers

(Image credit: Future)

Don’t be alarmed, but your web browser isn’t as secure as you probably think it is. In fact, the web browsers we use every day are the most common route of entry for malware. That’s where a remote browser comes in handy.

Many enterprise users, especially those using the best Chromebooks, are probably familiar with the concept of a remote browser. If you have to log in to a server to access the web every time you open Google Chrome, you’re using a remote browser. This is notably more secure than a local browsing session, as you can always reset the server to a previously working state should anything go awry.

This is sometimes known as RBI, or “Remote Browser Isolation”. It can be useful, particularly for big organizations who would otherwise have to check each device that connects to their network, install antivirus and so on.

In January 2023, Cloudflare announced that its new e-mail security tools could automatically open all suspicious links via remote browser, protecting the machine used to access them. This could show a shift towards a “zero trust” network model where organizations assume that even their own employees can’t be trusted not to open suspicious emails.   

7. Multi-factor authentication

(Image credit: Future)

As we touched on earlier, requiring a single password to access a company account is an open invitation for hackers. In Verizon’s data breach investigations report from last year, it was confirmed that 63% of data breaches occur as a result of weak, easily crackable passwords being exploited.

Companies, then, have a duty to more strictly enforce multi-factor authentication in the coming years. After the fallout from 2017’s Equifax data breach, research conducted by BitDefender suggests the general public is finally starting to care more about identity theft and its consequences.

This may lead to more people adopting 2FA (two factor authentication)/multi-factor authentication throughout 2023. Microsoft’s official documentation suggests “nudging” users to set this up. Apple has required 2FA sign-in for certain services like Apple Pay and “Sign In with Apple” for years but this doesn’t apply across the board. 

8. Quantum computing

(Image credit: Future)

It’s a concept that’s existed since the 1960s, but quantum computing is still in its infancy. 

Whereas a regular computer works with bits, or a combination of ones and zeroes, a quantum computer can use ones, zeroes and any quantum superposition of both of those values to process data infinitely faster than the machines we use today.

Since they’re able to handle complex situations that even a normal supercomputer wouldn’t know what to do with, quantum computers will play a big role in the future of healthcare, politics and – you guessed it – cybersecurity encryption.

In 2023 IBM issued a report entitled “Security in the Quantum Computer Era”. The company went so far as to say that quantum computing represented an “existential threat” to conventional encryption techniques. 

The reason for this is very simple : the strength of existing encryption protocols comes down to how long it would take to break them through “brute force” techniques : that is to say how long a supercomputer would take on average to try different combinations of keys until it hits upon the right one.

A Quantum Computer doesn’t have the same limitations : traditional encryption algorithms rely on factoring large numbers, which a quantum computer can do in a matter of minutes, not centuries. This means no one’s data is safe.

9. User behavior analytics

(Image credit: Shutterstock)

There are serious security concerns surrounding the field of analytics. For one, privacy can be betrayed by websites that simply collect data in order to tailor advertisements more directly to individuals. But user behavior analytics (UBA) can be genuinely beneficial.

Legally, an organization can’t pry into someone’s computer to find out who they are, where they live and what they do for a living. What they can do is identify users based on behavior profiles. 

Whenever you swipe a certain way on a touchscreen or make a repeated typo, for instance, UBA technology is there to document and make use of that information. 

This data can then be used to forecast security breaches before they happen, should any peculiar user or system behavior take place.

10. Artificial intelligence

10. Artificial intelligence

(Image credit: DeepMind)

Most of us have some experience of interacting with artificial intelligence thanks to its implementation in video games or in Siri/Google Assistant. What you might not be aware of is the critical role of AI in cybersecurity. 

Firms have already started building tools that can patch security holes before they can be exploited by cybercriminals – but the same time, hackers are adapting to the new ecosystem, and trying to create systems that are smarter than anything a company or government can deal with. AI will only become more powerful as a result of this cybersecurity arms race.

Since its internet debut in Nov 2022 the ChatGPT AI bot (Generative pre-trained transformer) has been impressing the internet with its extremely realistic conversations and behaviour, such as inventing song lyrics and simulating chatrooms. There are limits to its artificial intelligence though, as it can often supply plausible-sounding answers which are in fact gibberish. The implications for cybersecurity are huge however, given that these bots can help to review code for bugs and proactively learn about online threats.   

Read More 

You know about cookies, but websites have all kinds of other snooping tricks up their sleeves.

There are dangers to your privacy lurking in every nook and cranny of the internet, although not everyone takes them seriously. You may trust that larger companies wouldn’t stoop so low as to collect information from you and exploit it to make money, but here at TechRadar Pro, we wouldn’t put it past them. 

When you visit virtually any website, the chances are that the company behind that website is learning more about you. Typically, this is so they can show you more relevant advertising based on what you’ve searched for and looked at in the past, a technique called targeted advertising. In other cases, though, they’re selling your information to other companies who want your money.

We’ve looked into 10 specific methods that websites use to pry information out of your devices, usually without your knowledge or consent. Despite the common misconception that the internet is anonymous, this couldn’t be further from the truth, as more and more organizations find ways around laws  like the GDPR, which prohibit them from simply taking your name and address straight from your Contacts app.

While complete anonymity on the internet is impossible, there are a number of simple steps you can take to prevent almost all forms of online tracking. Where possible we’ve listed these alongside ways bad actors can track you, so you can stay safe. There’s no one magic bullet solution though, so make sure to keep reading in order to find the different methods you need to use. 

1. Tracking your browsing history

The moment you land on a website that wants your data, it’s going to start swiping your browsing and search history from right under your nose, and save it for later analysis. More often than not, as we’ve mentioned, this is then used for marketing products and services that are relevant to your online behavior. 

This is one area where using the best VPN won’t necessarily help, as if you’re signed into your account e.g. on an online retailer they can still link your activity to your name through using cookies. Rather worryingly some cookies are “cross site”, so for instance if you visit a website to get a quote for life insurance they may see a cookie that tells them you’ve previously bought a book on quitting smoking. 

Some sites do allow you to opt out of being tracked, although we can assure you that this feature isn’t especially easy to find on the rare occasion that it exists at all.

Most “do not track” options are simply a way for your browser to request that the website doesn’t retain your information but often there’s no way to check if this is actually being done. 

Some browsers such as Mozilla Firefox take a more aggressive stance on tracking and actively try to prevent it. You can also protect yourself further by using a privacy-oriented search engine like DuckDuckGo.

Read more about this kind of tracking and ways to protect yourself in our online guide. 

2. Super cookies

If a cookie keeps track of your site visits and activity, then a ‘super cookie’ is a cookie that tucks itself away from the main cookie database. Some of these go as far as storing themselves in more than one location, and reactivating old cookies that you went out of your way to delete. 

Websites use these super cookies to monitor the routines of those who are smart enough to remove their browsing history and cache. By peering into the data of your other installed web browsers, super cookies are particularly sneaky pastries. 

Technically you could reset your entire device to factory settings and not be safe from super cookies as they can be re-inserted into your browser via your ISP. This makes super cookies far worse than the regular kind.

Security researchers and browser developers have engaged in a game of cat and mouse over the years detecting where super cookies might be lurking within internet software, only for unethical companies to find somewhere new to hide them. This can be within a web browser or even somewhere on your hard drive.

Even if you remove supercookies though and use ‘incognito mode’ on your browser that doesn’t affect the data your ISP may have already gathered on your previous connections. 

The best way to stay safe is to keep your connections as anonymous as possible each time you go online. This can be done through using a reliable VPN.

3. Cookie syncing

When in doubt, some websites use elaborate schemes to identify which device you’re using. This is called cookie syncing, a process that allows organizations to share information with each other and string together the identification numbers they’ve all assigned to you. A conglomerate of sites can all work together to use the data they’ve collected from you more effectively.

In theory this is done so they can serve you more targeted advertisements but the more personal data they gather on you, the greater the risk it can be abused. Once two different websites have synced your cookies, they can also keep sharing information about you in future. 

And you have no idea that this is happening… well, you do now, but you get the idea. The goal is to ultimately build up a better picture of you, and your browsing habits and interests.

It’s likely this has already happened to you but you can fight back. Firstly, make sure to clear your web browser cache to erase any existing cookies on your device.

These types of cookies usually appear on websites containing advertisements, so consider installing an ad-block extension, such as AdBlock Plus or uBlock Origin. 

4. Ditching anonymity

Everyone thinks they’re anonymous on the internet – and they are to a certain extent. The fact is, your real name is irrelevant to advertisers, which is why they refer to you as a number that they’ve assigned to you internally. Using this number they can determine how much you’re willing to spend, and on what. 

In the United States, the National Security Agency (NSA) can use these identifiers collected by advertisers to more target suspect individuals; in effect, these newer, third-party algorithms for collecting data are doing some of the NSA’s job for it.

These are built up partly through using as you’ve already seen but also through tracing your unique IP address, especially as your ISP may not change it for months at a time. Take back control by using a reliable VPN provider. By doing this, you’ll be connecting to the internet via one of tho thousands of VPN servers they offer, so your IP address will appear to be the same as theirs.  

5. Selling your personal information

Whenever you purchase something at a store and are asked to provide your email and/or mailing address, you run the risk of that company selling off your personal information to advertisers – it’s why you sometimes get unsolicited emails in your inbox from senders you’ve never heard of, and don’t recall giving your details to. 

Larger, well-known companies don’t normally engage in this practice as they have reputations to protect. However, any company is vulnerable to data breaches, and should one occur there’s no telling how widely your private information could be disseminated.

This is a case of prevention being better than cure. Make sure to provide only the minimum necessary personal information to each website, so in case of a data breach, the damage is minimised.

Each time you register a new account with a website, use an anonymous e-mail address or alias each time. If you’re using an Apple device like a Mac or iPhone you’re in luck as iCloud supports generating unique random email addresses each time, and automatically forward messages to your main address without revealing it.

Make sure to use a different, strong password for every website or online service you use too. The best way to do this is via the best password manager.  

6. Device and location-based pricing

There’s evidence out there to suggest that the prices of products and services can increase or decrease depending on the device you’re using to shop online or where you seem to be based. 

Back in 2012, for instance, it emerged that travel website Orbitz was giving Mac users pricier hotel options than those searching on PCs – which is rather presumptuous, as a moderately specced PC can cost just as much, if not more, than a Mac. 

Location-based pricing is also common, whereby rates for hotels and flights increase depending how wealthy an area in which you seem to be. Fortunately there’s an easy fix: if you connect to a VPN server in a different location to yours, you can appear to be in that place. The websites will then quote prices accordingly. See our guide How to change location and IP address with a VPN. 

7. Social media tracking scripts

When you use a social network like Facebook or Twitter you’re agreeing to let those companies do pretty much whatever they want with your personal data, and that includes data collected by tracking scripts found outside of the networks themselves. In the case of websites that have the Facebook ‘Like’ icon embedded, for example, Facebook can store a cookie on that site to save your login state.

The company can use the information gleaned from this to identify you, and use its algorithms to target you with advertisements based on the websites you visit, for instance showing you adverts based on products you or your Facebook friends have “Liked”.

In February 2021 Apple and Facebook clashed over features like these, where Apple insisted that their App Store’s Facebook App must give users the choice over whether they’d like to be tracked. 

It seems that some social media giants like Meta also inject Javascript code into links opened from their apps to better track people over the web.

Your first line of defense here is to access social media via a secure browser that takes your privacy seriously. Take some time to explore settings related to cookies and make sure to enable “do not track”, as well as install any of the best ad-blockers as we outlined above.

Remember also there are plenty of safer ways for you and your contacts to stay in touch. The open source Signal messaging program contains no ads or tracking scripts, plus supports setting up groups where you can chat using end-to-end encryption.  

8. Browser fingerprinting

You may not be using your actual fingerprint to run Google Chrome or Firefox or Opera, but that doesn’t matter because your browser configuration is as unique as the pattern on your anatomical digits. The version you’re running, along with the plugins you have installed and their specific versions, make it easy for sites to identify who you are. 

In a process called browser fingerprinting, companies use that data, in addition to your screen resolution, installed fonts, time zone and more, to collect information about you. And if you’ve disabled cookies to prevent such tampering, even that’s a feature that helps to make your browser distinct.

There are browsers that make fingerprinting more difficult and extensions that prevent some forms of browser fingerprinting.  

9. Browser user agents

Every time you open a website your browser forwards it a line of text that identifies both your browser and your operating system, and this information can also be used to generate targeted ads. 

Essentially, your browser is telling the website whether you’re using Safari on an iOS device, Chrome on Windows 11 and so on.

Using this information, a website can determine whether to tailor its ads to a mobile device or a desktop. It can also be used to deliver ‘Please upgrade your browser’ messages to those still clinging onto Internet Explorer.

One way to stay safe is to connect via the Tor Browser, which has been deliberately designed to show the same ‘agent’ data for every user. Certain browser extensions can also display. 

10. HTTP referer

No, you don’t have to correct us: the ‘referrer’ in ‘HTTP referer’ is spelled incorrectly on purpose. It’s a term that describes the header that stores the details of where you’re coming from when you’re redirected to a new website. So, if you’re browsing TechRadar and you click a banner ad, the HTTP referer stores the fact that you were visiting TechRadar.

The HTTP referer can be sent to the new site and, from there, the site administrators or algorithm can deduce two things about you: where you’ve been, and where you are now. And this information can be used to – yep, you guessed it – put yet more targeted ads in front of your eyeballs.

You can just use a reliable ad-blocker to avoid being bothered by these ads. Most reputable browsers such as Firefox try to trim out any personal information from the http referer header but you can also disable it altogether in your browser settings. Check the support pages for your chosen browser with help on how to do this. 

Read More