October is National Cyber Security Awareness Month (NCSAM). Although NCSAM is United States initiative promoting Cyber Security Awareness during the month of October, the rest of the world usually jumps on the bandwagon as well. So, it’s becoming more like International Cyber Security Awareness Month.

During the month of October, large volumes of (usually) very valuable information are published regarding information security awareness. This month, I shall join the fray with a couple of stories promoting Security Awareness. Let’s go.

Frik and Marietjie:

Meet Frik. Or rather, allow me to be more descriptive, meet Frik the plumber. Frik is your typical East Rand plumber. A good guy at heart, not too fond of technology, unless you’re referring to Showmax (but he’s starting to adapt). In the last couple of years, Frik’s business has grown tremendously and he has had to enroll the services of his eldest daughter, Marietjie, to assist with the admin side of things. Frik is able to do miracles with copper pipe, a shifting spanner and some soldering wire, but generating invoices and keeping track of payments isn’t his strong suite. This brings us to Marietjie, who has always been the tech savvy one in the family. Some of her friends would call her a tech guru, due to her being one of a select few in their close circle with the ability to type with two hands. She uses a newly bought desktop to generate invoices, pay Frik’s suppliers and verify electronic payments made by his clients.

Marietjie is however easily distracted, disappearing down Instagram rabbit holes for hours at a time. When it’s not Instagram, she keeps up with happenings on Facebook, Twitter & News24. Don’t forget the daily musings of her personal diary on Evernote. This all done from her Android phone.

At this stage, everyone is probably asking: Marietjie, did you install an antivirus application on the desktop?

Answer: “Oh cool, a new season of Greys Anatomy. Still can’t believe they let McDreamy die… Oh, you asked about antivirus. Yes off course, the thing came pre-installed with some antivirus thing. Don’t worry.”

Every now and again, Marietjie skims by an article on Twitter about some sort of hacker thing. “Hackers gonna hack” she ponders as she scrolls away. On Tuesday, midway between one of her regular afternoon Showmax binges, an email notification pops up on the desktop. With one eye on the computer screen and the other on the latest episode of Grey’s, she swiftly deduces it’s some supplier sending an invoice.

“A new invoice has been generated, please click <<here>> to view.” the email reads.

Click goes the mouse.

Marietjie pauses abruptly. “What just happened? What’s going on?? Meredith just said the patient’s tumor is inoperable, and now the red head army ginger guy is pushing him to the theater for emergency life saving surgery?“.

Meanwhile on the computer: “Error 500 – The page you are looking for cannot be displayed”.

That’s odd she thinks, I thought Meredith knew how to interpret brain scans? How could she make such a mistake?

F5 (refresh), still the invoice isn’t loading. She taps F5 a couple more times. “Well, if they really want us to pay, they need to sort out their system. Anyway, I’ll deal with it later.” Whilst Marietjie starts to meaninglessly scroll through Pinterest posts about dog blanket ideas for her new Yorkshire Terrier puppy, the desktop’s processor begins churning away.

The ‘broken’ link she so ferociously clicked on in the email wasn’t broken. It was purposely showing her a fake error message, whilst in the background executing a browser exploit. Basically this malicious link she clicked, unknown to her, led to all sorts of nasty files being downloaded and executed on the system. This desktop Marietjie is using for invoicing, online banking and email communication with Frik’s clients, is now infected with a Remote Access Trojan, a RAT. As a new episode of Grey’s start, the RAT begins to secretly communicate back to it’s master via the internet. This includes daily updates of what Marietjie is doing on the computer, where she logs in and who she emails. It even takes screenshots of those Google searches for “does Yorkshire Terriers like perfume?” and “why did they call him Mc Dreamy?”.

But wait. Remember earlier when we asked Marietjie about antivirus and she so confidently replied between Mc Dreamy comments that it came with the computer? Taking a closer look reveals that there was indeed an antivirus application which came preinstalled with the desktop. What our dear Marietjie failed to notice was, that this was only a 30-day trial. After the initial 30 days passed, the protection stopped working. In essence, her antivirus last protected the desktop while Mc Dreamy was still alive and in love with Meredith.

This brief look into Marietjie’s life highlighted two important concepts:

1. Be careful of what you click on. Bad guys make use of email messages to trick you into compromising your security. This can be in the form of an attachment, which masquerades itself as a document but in actual fact is packed full of bad things. Another method, as in Marietjie’s case, is a link included in an email message which when clicked, goes to a bad website to download more bad stuff to your computer. There are a lot more sly tricks attackers may use to compromise your system, but these examples will do for now.
2. Install and check up on your antivirus application. Remember: “if it ain’t running it ain’t protectin’ “. You get the point. It also need to be regularly updated. Using an outdated antivirus is like a police officer looking for criminals in 2018, with a Most Wanted list from 1980.