There are a lot of cybersecurity myths, just like about any industry that requires some specific knowledge. People often say a lot of reckless things regarding viruses, anti-malware programs and overall cybersecurity rules. That leads to the situations that sometimes are unbelievably silly situations – and possibly even money loss.
Now we are here to show you whether you are wrong, and which theses are partially correct. We took 15 cybersecurity myths and denials to describe.
Myth #1. Malware Only Infect Computers and Laptops
Under the term “computers and laptops” people likely mean desktop operating systems – macOS, Windows and Linux. Sure, these three are the most popular ones among malware developers. Windows and macOS accounted for >85% of all malware injection cases. However, that does not mean that malware for mobile devices – ones that use Android, iOS or WP. Some of the malware1 types even aimed particularly at mobile operating systems – banking trojans and spyware2 trojans, for example.
Malware for mobile devices is slightly harder to inject, since almost every device vendor creates his own shell around Android. The lack of unification makes a lot of things harder, and malware is not an exclusion . Meanwhile, iOS is highly protected, and blocks any possible attempts of tracking or sniffing. It is very important to know the right information and how to remove malware from your computer?
Myth #2. Spamming Email Can’t Harm Your Computer
Spam3 in the email messages became something usual in the last 5 years. Even if you make every effort to prevent the email leaking to the fraudsters’ databases, you can receive such messages. They are about intrusive advertisements, but sometimes may contain something that attracts your attention – link to the external site, or an attached file. Such messages are oftentimes disguised as some routine reports, delivery notifications or invitations. Spamming email can’t harm your computer is one of the most popular cybersecurity myths.
But how, exactly, can these things be dangerous? Inside the attachments, you will find a script that triggers the malware downloading. Links will rather lead you to phishing pages, but there is still the possibility to get malware through the critical vulnerabilities. This or other way, you will not be happy to see your computer full of malware. And don’t expect to see some not-so-critical stuff like adware or rogue – such a tricky way is used generally to distribute spyware and backdoors.
Myth #3. Cybercriminals Don’t Aim at Small and Medium Business
Obviously, this cybersecurity myths means cybercriminals who spread ransomware, spyware and such stuff. For sure, some categories of malware, such as APTs, require too much effort to deploy. It is just unprofitable to attack small companies with it – you will not extract enough data to pay back the money you spent. Some ransomware groups are also considered to avoid the companies that belong to certain sectors – primarily governmental companies, educational institutions and critical infrastructure organisations. But it is still far from at least supposing that you are safe.
Ransomware groups, both small and worldwide-known, have small and medium business as their bread and butter. While large companies have enough money to invest into full-fledged EDR solutions with custom setup for their specific needs, smaller companies are forced to purchase cheaper applications, or even stay with “regular” anti-malware software. It is much easier for hackers to attack small and medium businesses, and they never ignore this ability, even though larger companies mean larger potential profit.
Myth #4. Computer Viruses Do Not Affect the Speed of The PC
Some malware is designed to be as stealthy as possible. Things like backdoors and spyware rely on their stealthiness to remain undetected as long as possible. They turn on silently in the background, mimicking the system process, and consume miserable amounts of CPU/RAM. You will not likely even notice them, until something (antivirus app, for example) will point at it. Nonetheless, these malware types are met not so often. They have a lot more noisy contemporaries, that are tenfold more widespread.
Cryptominers and ransomware are able to make your computer almost unusable. Both mining and file ciphering take a lot of CPU resources, and using the PC during those processes running in the background is pretty problematic. Things like adware or rogue antiviruses may look less dangerous by the effects, but slow computers may suffer from same-scale freezes and performance drops. Since the last two are often created by amateur programmers, they may unintentionally create a memory leak – so you will suffer RAM runout with time. Welcome to the times of Windows 95, with time-BSODs and reboots after installing each new device!
Myth #5. You Cannot be Attacked on Facebook or Other Social Networks
Facebook, Twitter, Instagram – all these social networks are extremely popular nowadays. And all major spam campaigns happen right there – in comments to someone’s post, in advertisements or even in your DMs. It is possible to prevent the spam into direct messages – by just closing DMs for strangers. However, some spamming campaigns suppose the use of hijacked accounts in order to send spam messages to people from the friend list. It is sly, but efficient – and cybercriminals never were known for any kind of morality.
Cyberattack in social networks aims at phishing4 (more often) and malware installation. The latter supposes the redirect link that triggers the malware downloading, with the assurances that you will download a very useful tool that is extremely popular these days. Another sophisticated approach is malicious links in advertisements. Paid promotions in Facebook and Instagram are poorly moderated, so it is very easy to add a bait picture and a link that will lead the victim to malware downloading.
Myth #6. Antivirus is Enough to Keep Your PC Safe
Will your mobile phone break apart after falling from 3 feets? I think no, at least it will barely have any serious damage. But when you repeatedly throw it into the sky, into the wall, and then wash it in the shower – you will definitely kill it, even though it is dust- and waterproof. Antiviruses are about the same thing. They may have great protection rates, perfect heuristic engine, but when you nuke it with hundreds of different malware samples – one may just slip through. That is not wearing – antiviruses are just not omnipotent.
Gridinsoft Anti-malware software may show you the protection efficiency that is close to 100%, when it works in a well-protected OS and the user follows the basic cybersecurity principles. Vulnerable and outdated operating systems makes antivirus software ineffective against any advanced malware. And the user who follows the advice to disable antivirus to install the hacked application makes it absolutely useless. Using Anti-malware software right is a key to make it enough to keep your PC safe.
Myth #7. Individuals Must not Be Afraid of Spyware and Stealers
Spyware and stealers are used widely in cyberattacks against corporations. In those cases, a purified well-done malicious program acts to extract as much confidential information as possible. It looks illogical to use such a precise weapon against the masses. And this thesis is right – but there is the other side of the coin. Spyware, stealers and similar nasty stuff exists not only in the form of “professional malware”. You can see it inside of unwanted programs and as a mass-market malware as well.
Apps that track geolocation of your significant others, activity trackers, no-name navigation applications – all these things may literally be a piece of spyware. They will have real functionality, and you may even enjoy it – but that cannot cancel its malicious nature. Yes, individuals don’t have valuable data that can be sold on the Darknet. But it is still possible to get the information that may cost a lot. The main buyers for that data are advertisers of any sort, spammers, and crooks who need to establish the botnet5 .
Myth #8. Cyber Threats are Only External
Cybersecurity as a science says a lot about the malware present in the current computer world. A lot of attention is paid to the spreading methods, but for some reasons they ignore one of the hardest-to-avoid distribution methods. Besides the RDP brute forcing, exploits in Photoshop and Exchange, and email spamming, there is a so-called insider threat, which is always here. Insiders are the personnel of your company who in fact work for your rivals, or even for cybercriminals who try to attack your corporation.
The insider implementation is pretty hard, and may take years to reach the required level of integration. At the beginning, the new worker is not allowed to access the information that may really be expensive. But then the restrictions became weaker, especially if the imposter has high neuro linguistic programming skills. Having access to the company’s network from the inside gives the crooks the ability to do whatever they want. So yes, the exact threats are outside the company. But there may be an employee who brings them in – intendedly or by the reckless.
Myth #9. Viruses Can Be Easily and Immediately Identified
That myth may be considered as partially truthful, however, there are too many possible variations that make it difficult to state so. There are a lot of factors the successful detection depends on. We are talking about the malware type, the stage it was changed in compared to the previous malware variants, and the quality of Anti-malware software you use. Different antivirus vendors offer updates more or less often, which also makes difference in quality and operativity of the detection.
Depending on the type of malware, you can have different detection ratios, primarily because of the overall similarity of the malware behaviour and the codebase it uses. If we imagine that the anti-malware program has only on-demand scans, it will likely detect malware that has more patterns in “classic” signatures. Those are spyware, backdoors and so on. Adware6 and browser hijackers are easier to disguise and obfuscate, since they don’t dig so deep into the system. If we are talking about the malware that is the obfuscated and reshaped version of the original one, everything depends on the heuristics – exactly, on how well the security tool may spot the malware bearing only on its behaviour.
Myth #10. The Backdoor Virus Does Not Affect the Operation of the Computer
Backdoors, as you may suppose from their name, provide a back door for the cybercriminals. What do they decide to do with the system they can fully control – only God knows. If they injected the malware into your computer just for lulz, they may try to scare you by moving the mouse pointer, opening and minimising the tabs and shutting down the system. That is funny, but uncovers the backdoor presence. Much more often is when you will not see any visible signs of the backdoor activity. That happens when crooks inject it for profit.
Backdoors prefer silent activity because of the continuous operations they are typically used for. For the first time (1-2 weeks after the injection) the backdoor is absolutely silent. It gathers the information about the system, typical activity hours and login credentials (if possible). Then, to provide maximal invisibility, backdoor creates the second administrator account, and hides it using the basic Windows functionality. That action carries pretty notable effects – another user requires disk space and hardware capacity when running. Therefore, you may see the indirect signs of its presence.
Myth #11. Botnets DO NOT Launch a Spam Campaign and Do Not Attack Social Networks
Another cybersecurity myths to watch out for. Exactly, botnets cannot launch a spam campaign by themselves. They are just computers, controlled from the single centre which is handled by cybercriminals. And the latter can do that – that is one of the purposes of the botnet. Spamming campaigns are pretty hard to commit manually. Even when you hire numerous users to send this spam, it is more expensive and less massive. Botnets are a perfect solution for this purpose. Another cybersecurity myths that confuses users.
The second part of this myth is busted exactly because of the nature of spam campaigns. They are very effective when applied on masses. The peak efficiency is reached in… social networks, when a single bot’s message may attract the attention of dozens of people. Hence, hearing the word combination “botnet spamming” actually means that this event takes place in either social networks or on email.
Myth #12. Sophisticated Security Tools Keep Your Business Safe
That myth is very close to being true. Anti-malware vendors from all over the world offer EDR solutions that allow you to protect the whole networks, including servers and IoT that is running in the company. And that could be the end of the story, if we miss to remember about the human factor. So-called zero-click attacks, which happen even without the interaction with humans, are pretty rare nowadays. Therefore, crooks of any scale and skill mostly rely on the mistakes of the personnel.
Both ransomware distributors, who purchased the malware sample by the affiliate programme, and one-in-kind masters who manage to inject their self-made APT into the corporate network generally rely on the recklessness inside of the company. System administrators were too lazy to establish a secure RDP connection for all employees; tired secretary opened the email with a strange attachment – they didn’t disdain anything for reaching their target. Sure, EDR may throw a monkey wrench into their plans, but it is still not a panacea. People very often believe cybersecurity myths – this is not correct.
Myth #13. Regular Scanning is Enough to Keep Your Computer Clean
Again, the partial truth. Most of the classic anti-malware programs are designed to provide the peak protection with on-demand scans. All vendors warn the customers that using only proactive protection is not enough to keep the device 100% clean of malware. However, there is the other variable thing that was missed in all previous statements. We mean detection databases, exactly, their updates.
Most of the anti-malware software vendors offer a free version of their programs. They may be used free of charge, and you could even delete the viruses using them. However, there is a single problem – none of them provide the database updates. Free app versions may still receive the patches that are not related to the detection databases, but the ability to effectively spot and remove malware decreases week to week. Read trusted sources so as not to believe cybersecurity myths.
Myth #14. Ordinary Users are Completely Protected From PC Hacking
A very common cybersecurity myths that should not be believed. Ordinary users, who are the major mass of the overall PC market, are the main target of cybercriminals. They exploit the inattentive, reckless and the wish to spend as little as possible. For sure, the average level of cybersecurity knowledge among the biggest part of Gauss curve increased significantly over the last 10 years. However, that is still not enough to stop using anti-malware software and give no motivation to cybercriminals to attack individuals. It is important to remember that cybersecurity myths are fake, not everything should be believed.
Until there is a market of hacked software, film camrips and hacktools for different software, there will be the chance to get malware together with (or even instead of) the product. And the main trait of the aforementioned majority is, apparently, greed. People don’t want to give their money for the legit product, and then give this money for PC fixing. It is required to rip this vicious circle before stating such things.
Myth #15. Phishing DOES NOT Attack Confidential Information and Personal Data
That myth is likely based on the statements about the new appliance of phishing. Cybercriminals who manage the malware distribution nowadays add their malware as an attachment to the email, and trick the users to open it under different sauces. It is a phishing, crystalized and cleaned of any variations. But for some reasons people forget about the “classic” phishing, with counterfeited websites and forms to fill with your credentials.
Classic phishing did not go into eternity, as some people may suppose. Some say it is in hibernation now, but there are still enough phishing pages on the Internet. And you still must keep vigilance to avoid being fooled. Yes, the approaches of the classic phishing became much less effective – thanks to the new security measures used in web browsers. But be sure – they will find how to be back, and you will not expect it. It is very important not to believe cybersecurity myths, but to rely on true information.