Helping industry and consumers protect themselves is a top priority of M3AAWG (https://www.m3aawg.org/about-m3aawg) in its job as the leading global organization working against botnets, malware, spam, viruses, DoS attacks and other online exploitation.
This month, M3AAWG continues those efforts and supports Cybersecurity Awareness Month, promoted by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) (https://www.cisa.gov/cybersecurity-awareness-month).
M3AAWG focus areas (https://www.m3aawg.org/blog/online-abuse-is-changing-and-m3aawg-is-meeti...), which include improving cybersecurity awareness and fighting malware, phishing and other threats while protecting data, networks and devices, offer guidance and recommendations through best practices and more.
CISA offers a number of common-sense steps that users in particular can take to protect themselves against cyberattacks:
Think Before You Click: Recognize and Report Phishing: If a link looks a little off, think before you click. It could be an attempt to get sensitive information or install malware.
Update Your Software: Don't delay. If you see a software update notification, act promptly. Better yet, turn on automatic updates.
Use Strong Passwords: Use passwords that are long, unique, and randomly generated. Use password managers to generate and remember different, complex passwords for each of your accounts. A password manager will encrypt passwords, securing them for you!
Enable Multi-Factor Authentication: You need more than a password to protect your online accounts, and enabling MFA makes you significantly less likely to get hacked.
CISA also provides definitions of common attacks and threats, including:
Malware. A computer can be damaged or the information it contains harmed by malicious code (also known as malware). A malicious program can be a virus, a worm, or a Trojan horse. Hackers, intruders, and attackers are in it to make money off these software flaws.
Identity Theft and Scams. Identity theft and scams are crimes of opportunity, and even those who never use computers can be victims. There are several ways criminals can access your information, including stealing your wallet, overhearing a phone call, looking through your trash, or picking up a receipt that contains your account number.
Phishing. Phishing attacks use emails, texts, and malicious websites that appear to be from trusted organizations, such as charity organizations or online stores, to obtain users' personal information.
CISA notes how these attacks work. For example, attackers exploit vulnerabilities by using a variety of phishing attacks to compromise the security of networks and devices. To protect your networks, it is vital to become familiar with cyber basics:
Attackers can obtain victim identity information by stealing compromised credentials.
Criminals create new email accounts and hack existing ones to conduct social engineering attacks. A social engineering attack is when an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems.
Phishing emails contain malware and malicious attachments.
Malware exploits various common vulnerabilities in software and other applications.
M3AAWG strongly recommends organizations and users recognize the importance of cybersecurity and consider all their many stakeholders in protecting themselves against attacks.
More resources and information for Cybersecurity Awareness Month can be found here: https://www.cisa.gov/cybersecurity-awareness-month