Phishing, brute force, malware, DDoS, cross-site scripting, SQL injection, password attacks, cryptojacking, insider attacks, and whatnot – a cyberattack happens every 39 seconds.
Welcome to the cyberwar.
Isn’t it scary?
I know it is, but that doesn’t mean we cannot defend our data and ourselves in the current wave of cyber warfare. If hackers’ practices can be sophisticated, then why not our intelligence?
Table of Contents
- So, are you ready to protect the privacy and security of your data?
- Why would I be a hacker’s target?
- What is Cyberattack?
- Do you know, how often do cyberattacks occur?
- Cyber Threats, Intelligence & Best Practices
- DoS & DDoS Attacks
- How to detect a DDoS attack?
- Can you stop a DDoS attack?
- Malware Attacks
- Warning signs of malware
- Is Malware Preventable? Yes, anti-malware can do this wonder
- Man-in-the-Middle Attacks
- How common are MitM attacks?
- Types of MitM Attacks
- Man-in-the-middle attack prevention
- Is the internet of things the next platform for MitM attacks?
- Phishing & Spear Phishing Attack
- You must be guessing how phishers reach your email?
- Popular Social Engineering Attacks
- Tips to protect from Phishing attacks and other social engineering attacks
- SQL Injection Attacks
- How to prevent SQL injection?
- How to prevent and detect crypto-jacking script?
- Cross-site Scripting (XSS) Attack
- Cross Site Scripting Prevention
- Zero-day Exploit
- Eavesdropping Attack
- Measures to prevent Eavesdropping attack
- Mobile threats
- Sources of cybersecurity attacks
- Some Takeaways!
So, are you ready to protect the privacy and security of your data?
Let’s pledge, but wait: do we know how a hacker creates vulnerable avenues into our lives?
I believe many of us are familiar with malware and phishing, but not with all the other malpractices a hacker can use to break into our systems; understanding the method of delivery helps clarify the role of the different cybersecurity controls required to combat the rising threats.
And if you’re an expert who knows all the major cybersecurity threats and still isn’t taking action, then sadly, being aware of the threats but not defending against them is a highly discomforting place to be.
If you believe you would never be eye-candy for hackers, then let me tell you a secret!
“Hacks happen anytime with (literally) anyone; some exploits are caused by insanely technical code that dupes advanced machines, but more often it’s just simple human actions that are to blame. Sometimes, even the best protection software won’t be of help.”
Here’s a list of common things we do (quite often) that lead us closer to hackers.
Why would I be a hacker’s target?
- I am lazy, my passwords are too obvious – the most commonly breached password is “123456”.
- I don’t use two-step authentication.
- I have never checked the privacy of a website – so far, HTTPS is the only protocol that keeps the connection secure.
- I often use the same password across multiple services – breaching a single password breaches all the accounts at once.
- I opened an attachment received via email, text, or anywhere else – it’s one of the most common ways hackers gain unwarranted entry into our accounts.
- I am an online shopaholic – the most tempting deals are often found on questionable online auction sites.
- I love free WiFi – reportedly, a single vulnerability affected 275 hotels and the WiFi they provide; it’s proven that free public WiFi is an essential tool for launching large-scale DDoS attacks.
Don’t worry! I will tell you what is DDoS attack later.
So, be wary!
Let’s begin the journey of identifying the cyber threats lurking in our cyber world, so that appropriate measures could be taken.
What is Cyberattack?
In layman’s terms, a cyberattack is a malicious and deliberate attempt by an individual or organization to breach the information systems, IT infrastructure, computer networks, or personal computing devices of another party, using different methods to steal, alter, or destroy their systems or data.
It is an act of damaging or stealing data, or simply disturbing the digital life of a user, and covers a large number of activities, including:
- Tampering data and systems
- Resource exploitation
- Unauthorized access to the system and sensitive information
- Disrupting regular business’ functions and processes
- Using various attack techniques to encrypt data and extort money from users.
Oh no, the devil is here!
Here’s a hacker, let me chalk out some of the major achievements of a hacker; you’ll be shocked.
Do you know, how often do cyberattacks occur?
- Nearly 1 million new malware samples are released every day.
- Cryptojacking is the fastest-growing malware out there, with 8 million attempts per month.
- The global cost of a data breach is $3.6 million – it keeps increasing.
- This year, organizations and individuals will pay $11.5 billion, either meeting ransomware damages or as a cost of ransomware.
- 76 billion records were leaked in January 2019.
- 91% of cyber attacks start with a phishing email – 85% of all attachments emailed daily are harmful.
- 43% of cyberattacks are targeted at small businesses.
- 6 million websites have malware at any time.
- Around 2,354 bot visits per site every week.
- 75% of the healthcare industry has been infected with malware at a given point in time.
- 24,000 malicious mobile apps are blocked from app stores each day.
- 30% of U.S. netizens open phishing emails.
- A business falls victim to ransomware every 275 seconds.
- By 2024, cybersecurity expenditures will reach $1 trillion.
- The cybercrime damages are expected to hit $5 trillion by 2020.
Hackers are constantly finding targets and refining their tools to break through cyber defenses; from tampering with voting systems to AI-powered hacking, here are some of the significant threats on our radar screen.
Cyber Threats, Intelligence & Best Practices
Cybersecurity threats fall into three broad categories, based on what attackers are after:
- Financial gain
- Espionage (corporate espionage – the theft of patents or state secrets)
Virtually all cyber threats fall into one of these three modes. In terms of attack techniques, malicious actors have many options, such as:
DoS & DDoS Attacks
A DDoS attack is a DoS attack in which an attacker takes over many (often thousands of) devices and uses them to flood a target system, e.g. a website, until it crashes from the overload of requests.
A DoS attack is when a website receives more traffic than it has the capacity to handle; as the website’s server gets overloaded, it becomes nearly impossible for the website to serve its content to the visitors who are accessing it.
Often this traffic is malicious by design: an attacker floods the site with overwhelming traffic to shut it down; even a competitor could do this to you.
A DDoS attack floods servers, systems, or networks with attack traffic to exhaust the available resources and bandwidth. As a result, the system is unable to fulfill legitimate requests. Attackers use multiple compromised devices to launch such attacks.
There are several kinds of DoS and DDoS attacks:
- Smurf attack: This attack uses IP spoofing and ICMP to saturate a target network with traffic, by sending ICMP requests to broadcast IP addresses.
- TCP SYN flood attack: An attacker exploits the buffer space used during the Transmission Control Protocol (TCP) session initialization handshake.
- Teardrop attack: This attack manipulates the length and fragmentation fields in sequential Internet Protocol (IP) packets so that the fragments overlap when the host tries to reassemble them.
- Bandwidth attacks: This DDoS attack overloads the target with large amounts of (mostly junk) data, consuming equipment resources and network bandwidth and leading to a complete denial of service.
- Traffic attacks: A traffic flooding attack sends a huge volume of TCP, UDP, and ICMP packets to the host; legitimate requests get lost, and the flood is often accompanied by malware exploitation.
- Application attacks: Application-layer data messages deplete resources in the application layer, leaving the target’s system unavailable.
- Ping-of-death attack: This attack pings a target system with IP packets whose size exceeds the maximum of 65,535 bytes.
DDoS attacks are not just rising in number but also getting bigger and more devastating than before; from websites to banks, no one is invulnerable.
Did you know that a 2017 report from Cisco reported that DDoS attacks exceeding 1 gigabit per second would reach 3.1 million by 2021?
How to detect a DDoS attack?
- Packet Analysis: A high-performance DDoS device instantly detects and mitigates anomalies, processing incoming and outgoing traffic continuously (asymmetric and symmetric processing).
- Mirrored Data Packets: This method works outside the traffic path, analyzing mirrored copies of the packets to detect anomalies quickly; it does not scale up well, though.
- Flow Sampling: In this method, the router samples packets and exports a datagram describing them; all routers support this technology, and it’s highly scalable.
When a DDoS attack is detected, a BGP (Border Gateway Protocol) host sends updates to the ISP’s routers to reroute the traffic heading for the victim servers at the next hop.
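As an added example (not code from the original article), here is the simplest form of the traffic-analysis idea above: a per-source request-rate detector run over a handful of constructed web-server log lines. The log lines, the IP addresses, the 10-second window and the threshold of 10 requests are all invented for the demonstration; a real monitor would take its thresholds from a baseline of the site’s normal traffic.

```python
"""Added example (not from the original article): a minimal per-source request-rate
detector, the kind of check a basic flood monitor runs over web-server access logs."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines in Common Log Format. The IP 10.0.0.9 is the flooding
# source: 12 requests within two seconds, while the other clients make one each.
LOG_LINES = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2023:13:55:37 +0000] "GET /about HTTP/1.1" 200 733',
] + [
    f'10.0.0.9 - - [10/Oct/2023:13:55:{38 + i % 2:02d} +0000] "GET / HTTP/1.1" 200 512'
    for i in range(12)
] + [
    '203.0.113.5 - - [10/Oct/2023:13:55:41 +0000] "GET /contact HTTP/1.1" 200 401',
]

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\]')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, epoch_seconds) for one log line, or None if it is malformed."""
    match = LINE_RE.match(line)
    if not match:
        return None
    stamp = datetime.strptime(match.group("ts"), TS_FORMAT)
    return match.group("ip"), int(stamp.timestamp())


def find_flooders(lines, window_seconds=10, threshold=10):
    """Count requests per source IP in fixed windows of `window_seconds`.

    Returns {ip: peak_requests_in_one_window} for every source whose peak reaches
    `threshold`. Both numbers are illustrative (assumed values for this example).
    """
    hits = defaultdict(Counter)  # ip -> Counter(window_index -> requests)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip unparsable lines rather than crashing the monitor
        ip, epoch = parsed
        hits[ip][epoch // window_seconds] += 1
    return {
        ip: max(windows.values())
        for ip, windows in hits.items()
        if max(windows.values()) >= threshold
    }


if __name__ == "__main__":
    for ip, peak in find_flooders(LOG_LINES).items():
        print(f"possible flood from {ip}: {peak} requests in one 10-second window")
```

The output of such a detector is what feeds the BGP or blackhole step described above: a source (or, for a distributed attack, a set of sources) whose rate is far above the norm. Note that a single-IP threshold will miss a DDoS spread thinly across thousands of bots, which is why production detection also looks at the aggregate rate and at packet types.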
Can you stop a DDoS attack?
There are countermeasures to mitigate DoS and DDoS attacks, such as:
- Place servers behind a firewall to stop SYN packets.
- Disable IP-directed broadcasts on the routers.
- Increase the size of the connection queue and decrease the timeout on open connections.
- Configure the end systems’ handling of ICMP packets coming from broadcast addresses.
- RFC3704 filtering denies traffic from spoofed addresses and helps ensure that traffic is traceable to its source network.
- Blackhole filtering drops undesirable traffic before it enters the network.
Warning: If you conduct a DDoS attack, or supply or obtain stresser or booter services, get ready for a prison sentence, a fine, or both.
Malware Attacks
The term malware covers any piece of software written with the intent of stealing data, damaging devices, or generally creating a mess.
Malware is usually created by hackers to make money, either by spreading the malware themselves or by selling it to the highest bidder on the Dark Web; it can also be used as a tool for protest, to test security, or as a weapon of war between governments.
No matter why or how malware reached your PC, it’s always bad news.
Warning signs of malware
- Slow computer
- Automatic operations – Programs opening and closing
- Blue screen of death (BSOD)
- Suspicious activities of modem and hard drive
- Lack of storage space when your drives shouldn’t be full.
- You’re sending out spam
- Pop-ups, toolbars, websites, and other unwanted programs
Malware can be of many types; some of the widely known ones are:
- System or boot-record infectors: A boot-record virus sits in the master boot record of the hard disk; when you start the system, it looks for the boot record, which loads the virus into memory, and from there it propagates to other disks and computers. In some cases the computer becomes unstable or data disappears from partitions; the infected computer fails to start or cannot locate the hard drive.
- Virus: Like their namesakes, viruses attach themselves to clean files in order to infect other files. They spread uncontrollably, deleting or corrupting files and damaging a system’s core functionality. They usually appear as an executable file (.exe).
- Macro viruses: As the name suggests, these viruses infect major applications such as Microsoft Word or Excel, attaching themselves to the application’s initialization sequence. Upon launching the application, the virus executes its instructions before transferring control to the application. The virus then replicates and attaches to other code in the host system. The Melissa virus of 1999 is the best-known example.
- File infectors: File infectors attach themselves to executable code (.exe files) and are installed when that code is loaded. Another variant of the same malware associates itself with a program by creating a virus file with the same name and format. They are often memory-resident: once executed, they remain in the computer’s memory and infect further programs. Examples are Jerusalem and Cascade.
- Botnets: A botnet is a collection of millions of systems infected with malware and under a hacker’s control, used to carry out DDoS attacks; they are difficult to trace because the bots sit in many geographic locations.
- Stealth viruses: These viruses take over system functions to conceal themselves, compromising malware detection software. They can change a file’s last-modification date and time, or conceal the size of an infected file.
- Polymorphic: These viruses cycle through encryption and decryption and, between cycles, proceed to infect an area of code. Such viruses are difficult to detect, but they show a higher entropy because of the modifications to their code.
- Trojans: A Trojan, or Trojan horse, hides inside seemingly useful programs; don’t worry, Trojans do not self-replicate. They can act as a backdoor, downloader, info-stealer, remote-access tool, and/or DDoS agent; have you heard about the Trojan Astaroth, which attacked 8,000 machines?
- Logic bombs: A logic bomb is malicious software appended to an application and triggered by a specific occurrence, such as a particular date and time or a logical condition, so it behaves differently at different times. The credit goes to Roger Duronio of UBS PaineWebber for successfully deploying a logic bomb; he was jailed for eight years.
- Droppers: A dropper is used to install viruses; it does not infect the computer itself, but while residing on a compromised system it can connect to the internet and download virus software.
- Worms: Worms are self-contained programs that propagate across computers, commonly through email attachments; opening the attachment activates the program. A typical worm exploit also sends a copy to every contact in the infected computer’s email address book. A worm can also overload email servers, causing DoS attacks. Worms spread via the internet, email, IRC (Internet Relay Chat), instant messaging, file sharing, etc. The most notorious ones are the Morris Worm, the Storm Worm, and SQL Slammer.
- Ransomware: The hacker’s favorite and one of the biggest cybersecurity threats of this century. It is malware that blocks your access to your own data and threatens to delete and/or publish it unless you hand over a hefty ransom; more advanced variants use cryptoviral extortion, encrypting the files in a way that is nearly impossible to recover without the decryption key. Heard about the million-dollar ransomware SamSam? It made $6 million in payments, often demands (only) $50,000 in bitcoin, and has so far caused $30 million in losses to victims.
- Adware: Adware serves marketing purposes; malvertising banners are displayed while the program runs. It can be downloaded automatically while browsing and shows up as pop-ups or sidebars.
- Spyware: As the name suggests, spyware is installed to secretly collect information, tracking users without their knowledge and sending the data to a remote user. It also serves as a bridge to download other malicious programs from the internet. Spyware is similar to adware but is installed unknowingly, especially when you install a free application.
Want to know how far malware has gone in damaging our cyber world?
Have a look!
Cyber Attacks in a nutshell – Malware Special!
Is Malware Preventable? Yes, anti-malware can do this wonder
The following malware removal approaches will help you reduce the presence of malware.
- Do not execute any program unless it is from a trusted source – don’t trust online strangers.
- Use a reliable anti-malware application like Malwarebytes – you can also use a free malware removal tool for this.
- Disable scripting and cookie usage to avoid hacking attempts.
- Scan DVDs, CDs, pen drives, or any external devices before accessing them.
- Move all the emails from unknown senders to Junk, especially those with attachments.
- Install the latest patches of your operating system.
- Enable Spam filtering for email-based attacks.
- Do not download programs received in instant messaging applications – double check your downloads.
- Download programs, but don’t forget to scan them first.
- Disable unnecessary services.
- Try to change default/easy-to-guess passwords of all of your accounts, systems, and services.
- Use security-provided tools such as VPN, antivirus, ad-blocker, etc.
Unfortunately, even if you follow this advice, you may still get infected; hackers find ways to sneak their viruses into every corner of the web. For the best protection, combine healthy online habits with powerful anti-malware software, which will detect and stop malware before it infects your Mac, PC, or mobile device.
Man-in-the-Middle Attacks
A MitM (man-in-the-middle) attack is one where the attacker intercepts, and positions themselves between, messages exchanged by parties who believe they are communicating directly with one another. It is also called eavesdropping, and once attackers are in the conversation, your communication can be manipulated, filtered, and stolen.
MitM techniques are also used in the military to confuse enemies.
There are two common entry points for MitM attacks:
- On public Wi-Fi, hackers put themselves between the device and the network. Without knowing it, the user shares information through them.
- Having breached a device, an attacker installs software to process our information.
How common are MitM attacks?
- 95% of HTTPS servers were vulnerable to MitM in 2016.
- MitM attacks were involved in 35% of exploitations.
- Only 10% of companies have implemented HTTP Strict Transport Security (HSTS) for their websites.
Types of MitM Attacks
Some common ones are:
- Session hijacking: In this attack, an attacker hijacks a network session between you and your network server. The attacker disconnects you from the server, substitutes their own IP address for yours, and spoofs your sequence numbers so that the server simply continues the session.
See how it works!
Now the attacker is in touch with the server, and the server thinks it is still communicating with you.
- IP Spoofing: IP spoofing is similar to session hijacking: an attacker convinces your system that it is communicating with a known, trusted party and is thereby granted access. To appear legitimate, the attacker sends packets to the target host carrying the IP address of a trusted host instead of their own. The targeted host may accept the packets and act accordingly.
- Sniffing: Attackers use packet capture tools to inspect packets at a low level; certain wireless devices allow them to use monitor or promiscuous mode, which lets them see packets not intended for them, such as packets addressed to other hosts.
- mDNS Spoofing: Multicast DNS is similar to DNS, but works on a local area network (LAN) using broadcast, like ARP; this makes it a perfect target for spoofing attacks. Users with limited knowledge don’t know exactly which addresses their devices should be communicating with; they depend on the system to resolve it for them. Since devices such as TVs, printers, and entertainment systems keep a local cache of addresses, the victim sees the attacker’s device as trusted for a period of time.
- SSL Stripping: Since HTTPS protects us against ARP or DNS spoofing, attackers use SSL stripping to intercept packets and rewrite their HTTPS-based addresses to the HTTP equivalent endpoint, forcing us to make requests to unencrypted servers; sensitive information can then be leaked in plain text.
- Packet Injection: Packet injection is when an attacker leverages their device’s monitor mode to inject malicious packets into a data communication stream. The packets blend in with the valid data stream, appearing to be part of the communication, but are malicious. Packet injection involves sniffing first, to determine when and how to craft and send the packets.
Man-in-the-middle attack prevention
Currently, there is no technology or manual that prevents all forms of MitM attack, but encryption and digital certificates are quite effective and safe practices that secure both the confidentiality and integrity of our communications.
But hold on!
Since a MitM attack is injected into the middle of communications, how can encryption help? How can you be sure that the IP you’re talking to belongs to a legitimate person or entity?
You’re right, but a strong encryption mechanism on wireless access points can prevent unwanted users from joining your network; a weaker one lets an attacker brute-force their way into the network and begin a man-in-the-middle attack.
VPNs can secure environments with sensitive information within a LAN, using key-based encryption to create a subnet for secure communication.
HTTPS can also be used to communicate securely over HTTP using public/private key exchange; this prevents attackers from making any use of the data they sniff. Our experts always recommend installing browser plugins that enforce HTTPS on every request.
Another option is to verify your TLS/SSL setup.
Is the internet of things the next platform for MitM attacks?
Analysts predict that the number of internet-connected devices could proliferate into the billions over the next five years. Unfortunately, the lack of security in the devices driving IoT growth could see a jump in MitM attacks.
Phishing & Spear Phishing Attack
According to a cybersecurity news website, 91% of cyberattacks begin with a phishing email; this social engineering attack is the practice of sending fraudulent communications that appear to come from a trusted source, to steal your information or trick you into installing malware.
The picture explains phishing and spear phishing.
Phishing scams have been around since the 1990s, continually adding newer techniques, which is why hackers are still a step ahead of our intelligence; phishing scams in the United States increased by 297 percent in 2018 compared to 2017.
Phishing is the leading cause of cybersecurity attacks in the world: emails with a compelling subject line (job offers, invoices, big offers, etc.) and malicious attachments, often appearing to come from known shipping services or from senior officials of a company.
Spear phishing is the same, but more targeted and research-based. With a little research, a phisher learns your colleagues’ email addresses and sends seemingly legitimate emails, using a trusted source, instructing you to download a file (malware) or hand over personal details.
Yes, you’re right! Spear phishing is hard to identify and defend against; besides falsifying the “From” field, scammers also add credibility with website cloning, copying legitimate websites to fool users into entering personally identifiable information (PII) or login credentials.
You must be guessing how phishers reach your email?
There are a few ways scammers obtain your email address; the most common ones are:
- Dishonest “subscribe” boxes
- Harvesting programs (using bots to scrape sites)
- Buying lists of email addresses illegally
- Data brokers
Some of the most common phishing scams are:
- Smishing: Smishers lure you into giving away personal information via text messages, often sent through an online service and containing links to fake websites.
- Pharming: You receive an urgent notification (an urgent update, pop-up, attachment, or even a PDF); what will you do? Most users download it and are then redirected to a fake version of the legitimate website they were trying to access.
- Vishing: Vishing is a call from the scammers themselves; they will urgently request that you hand over your personal information.
Along with these, we have witnessed some other social engineering attacks too.
Popular Social Engineering Attacks
- Baiting: Baiting is when an attacker leaves a malware-infected device, such as a USB flash drive, where someone will find it; the finder picks it up and loads it onto their computer, unintentionally hosting the malware.
- Pretexting: In a pretexting scam, an attacker pretends to need personal data to confirm the identity of the potential victim.
- Water-holing: In a watering hole attack, the attacker targets a specific group of people by infecting a website they are known to trust, in order to gain network access.
- Diversion theft: In this attack, social engineers trick a courier company into using the wrong pickup or drop-off location, in order to intercept the delivery.
- Scareware: Scareware involves tricking the victim into believing their computer is infected with malware or has downloaded illegal content. The attacker then offers the victim a solution to fix the bogus problem; you’ll be tricked into downloading and installing malware.
- Quid pro quo: A quid pro quo attack is one in which the social engineer offers something in exchange for the target’s information.
- Honey trap: An attack in which the attacker pretends to be an attractive person, interacts with you online, fakes an online relationship, and collects sensitive information in the course of that relationship.
- Rogue: Rogue security software is malware that tricks you into paying for fake anti-malware.
- Tailgating: Tailgating, also called piggybacking, is when a hacker walks into a secured organization by following someone with an authorized access card.
Tips to protect from Phishing attacks and other social engineering attacks
- Staff training is needed to recognize fraudulent emails and to know what to do on receiving one – Phishing Staff Awareness Courses exist for exactly this.
- Look closely at the “Reply-To” and “Return-Path” email headers to make sure the message is from a believable source.
- Get familiar with email filtering technologies to avoid such attacks.
- If you receive an “urgent” email, check with the company requesting the information.
- Hover your mouse over a link before clicking it.
- Sandboxing: test the email in a sandbox environment before acting on it.
- Do not share your postal address online in a way that can be copied.
- Never download anything, especially if the request appeared on an insecure (non-HTTPS) site.
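Several of the tips above (checking Reply-To and Return-Path against From, treating “urgent” subjects with suspicion, and checking where a link really leads before clicking) can be automated. The following is an added example, not code from the original article: it parses two constructed emails with Python’s standard `email` module and lists the red flags it finds. All addresses, hosts and message contents are invented for the demonstration.

```python
"""Added example (not from the original article): automated versions of the
phishing checks above, run on constructed raw emails. All hosts are invented."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed phishing-style message: Reply-To and Return-Path use a different
# domain than From, the subject pushes urgency, and the link text names one host
# while the href leads somewhere else.
SUSPICIOUS_MESSAGE = """\
From: "Acme Billing" <billing@acme-corp.example>
Reply-To: acme.billing@mail-relay.example
Return-Path: <bounce@mail-relay.example>
Subject: URGENT: invoice overdue
Content-Type: text/html

<p>Your invoice is overdue.
<a href="http://acme-corp.example.attacker-host.example/login">Pay now at acme-corp.example</a></p>
"""

# Constructed legitimate message for comparison: consistent domains, no urgency,
# and a link whose real host is a subdomain of the one named in the text.
CLEAN_MESSAGE = """\
From: "Acme Billing" <billing@acme-corp.example>
Reply-To: support@acme-corp.example
Subject: Your monthly statement
Content-Type: text/html

<p><a href="https://www.acme-corp.example/statement">View it on acme-corp.example</a></p>
"""

LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_IN_TEXT_RE = re.compile(r'[a-z0-9-]+(?:\.[a-z0-9-]+)+')


def header_domain(msg, name):
    """Domain part of an address header, lower-cased, or None if the header is absent."""
    value = msg.get(name)
    if not value:
        return None
    return parseaddr(value)[1].rpartition("@")[2].lower() or None


def link_mismatches(html_body):
    """Links whose visible text names a host that the href does not actually lead to."""
    found = []
    for href, text in LINK_RE.findall(html_body):
        real_host = (urlparse(href).hostname or "").lower()
        for shown in HOST_IN_TEXT_RE.findall(text.lower()):
            # A subdomain of the named host (www.acme-corp.example) is fine;
            # a completely different host is the classic cloned-site trick.
            if shown != real_host and not real_host.endswith("." + shown):
                found.append((shown, real_host))
    return found


def phishing_indicators(raw_message):
    """Return a list of human-readable red flags; an empty list means none were found."""
    msg = message_from_string(raw_message)
    flags = []
    from_domain = header_domain(msg, "From")
    for header in ("Reply-To", "Return-Path"):
        domain = header_domain(msg, header)
        if from_domain and domain and domain != from_domain:
            flags.append(f"{header} domain {domain} differs from From domain {from_domain}")
    if "urgent" in (msg.get("Subject") or "").lower():
        flags.append("subject line pushes urgency; verify with the company out of band")
    if msg.get_content_type() == "text/html":
        for shown, real_host in link_mismatches(msg.get_payload()):
            flags.append(f"link text names {shown} but points at {real_host}")
    return flags


if __name__ == "__main__":
    for flag in phishing_indicators(SUSPICIOUS_MESSAGE):
        print("red flag:", flag)
    print("clean message flags:", phishing_indicators(CLEAN_MESSAGE))
```

None of these signals is proof on its own (mailing-list software legitimately rewrites Return-Path, for instance), which is why the tips above end with checking with the company directly; a filter like this is for prioritising which messages deserve that call.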
SQL Injection Attacks
Structured Query Language (SQL) injection is one of the oldest yet most effective tricks in the cyber world; it is the same trick that once forced the PlayStation Network (PSN) to give up the data of 77 million gamers.
In this cyberattack, a malefactor injects a malicious query into a SQL-based server, which is then forced to expose sensitive data from the database. It is executed by typing a SQL query into an input field or search box on a web page.
This is how SQL injection takes place.
An SQL injection not only lets the attacker peek into the database but also lets them run administrative commands, modify the database (insert, update, or delete), recover the contents of a file, and even issue commands.
SQL injection attacks are commonly associated with database-driven websites, such as those built as dynamic SQL, PHP, and ASP applications; the blame goes to their older functional interfaces.
J2EE and ASP.NET applications are not highly vulnerable to SQL injection, thanks to their programmatic interfaces.
How to prevent SQL injection?
Here are some measures to prevent SQL injection attacks.
- Avoid dynamic queries.
- Use parameterized database queries (these stay safe even if SQL commands are inserted into the input).
- Go for stored procedures: they have the same effect as parameterized queries.
- Integrate security checks (input validation) using blacklists and whitelists.
- Use captcha queries (“I’m not a robot”) to protect logins and information processing.
- Another line of defense against SQL injection is a firewall.
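To make the first, second and fourth measures concrete, here is an added example (not code from the original article) using Python’s built-in `sqlite3` module with a constructed two-row `users` table. It places the dynamic-query version beside the parameterized one and adds a whitelist check on the username, so you can see on the same input why one leaks the whole table and the other does not. The table, the usernames and the validation pattern are all assumptions made for the demonstration.

```python
"""Added example (not from the original article): dynamic query vs. parameterized
query vs. whitelist validation, on a constructed in-memory SQLite database."""
import re
import sqlite3


def make_db():
    """Constructed sample data: two users in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.org"), ("bob", "bob@example.org")],
    )
    return conn


def find_user_vulnerable(conn, username):
    """Dynamic query: the input is pasted straight into the SQL text.

    Kept here only to show the failure mode; never do this in real code.
    """
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Parameterized query: the driver sends the value separately from the SQL,
    so whatever the input contains is compared as a literal string."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Whitelist (allowlist) for the one field this lookup accepts: assumed policy of
# 3-20 lowercase letters, digits or underscores. Anything else is refused outright.
USERNAME_RE = re.compile(r"[a-z0-9_]{3,20}")


def is_valid_username(username):
    return USERNAME_RE.fullmatch(username) is not None


def find_user_validated(conn, username):
    """Defense in depth: reject bad input first, then query with parameters anyway."""
    if not is_valid_username(username):
        raise ValueError("username rejected by input validation")
    return find_user_safe(conn, username)


if __name__ == "__main__":
    db = make_db()
    # Constructed test input of the kind typed into a search box: it closes the
    # quoted string and appends a condition that is always true.
    tampered = "' OR '1'='1"
    print("dynamic query returns", len(find_user_vulnerable(db, tampered)), "rows")
    print("parameterized query returns", len(find_user_safe(db, tampered)), "rows")
    print("validation accepts it:", is_valid_username(tampered))
```

Run stand-alone, the dynamic query returns both rows while the parameterized query returns none, because the database compared the whole tampered string against the `username` column instead of executing it. The whitelist check is the cheap first gate; the parameterized query is the one that actually makes the injection impossible.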
Cryptocurrency hijacking is the newest threat in the world of cybercrime.
Digital currency is popular not only among millionaires but also among cybercriminals – they have found their way into cryptocurrency mining.
Cryptocurrency traders are an easy target for this type of cyberattack.
“Cryptojacking” is a malicious program that silently injects mining code into the system, using its CPU, GPU, and power resources to mine cryptocurrency.
A cryptojacker either injects a script into a website, tricks you into loading crypto-mining code (using phishing-like tactics), and/or delivers the code through an ad served to different sites.
Don’t worry! Cryptojacking scripts won’t damage your computer or data, but they will steal your CPU processing resources.
How to prevent and detect crypto-jacking script?
- Keep your systems patched and updated
- Monitor for any abnormal GPU and/or CPU usage
Cross-site Scripting (XSS) Attack
Got a pretty good idea of what a cross-site scripting attack is?
XSS attacks use third-party resources to run malicious scripts in your web browser or (if any) scriptable application; the script might send your web cookies to the attacker’s server, and the attacker then extracts them to use for session hijacking.
The most dangerous consequence of an XSS attack is the exploitation of further vulnerabilities; beyond cookies, a hacker can capture screenshots, collect network information, log keystrokes, and remotely access and control your machine.
Cross Site Scripting Prevention
To defend against XSS attacks, the best practices are:
- Input validation: This is the process of ensuring an application renders the correct data and prevents unwanted data from harming the site, database, and users. Input validation helps by preventing a user from adding special characters into the fields, rather than refusing the request.
- Sanitizing: It’s a strong defense, but not when used alone; you may well need all three methods to battle XSS attacks. Sanitizing user input helps sites that allow HTML markup, ensuring that the data received won’t harm either users or the database.
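As an added example (not code from the original article), the following shows both defenses from the server’s side in Python: escaping untrusted text so the browser renders it as text rather than markup, and, for a site that does allow some HTML, an allowlist sanitizer built on the standard library’s `HTMLParser` that keeps a small set of tags, drops event-handler attributes and non-http(s) link targets, and discards script and style content entirely. The allowed tag set and the sample inputs are assumptions made for the demonstration.

```python
"""Added example (not from the original article): output encoding and an
allowlist HTML sanitizer, the two server-side XSS defenses discussed above."""
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed policy for this example: the markup a comment field may keep.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
DROP_CONTENT = {"script", "style"}  # tags whose inner text is discarded, not shown


def encode_for_html(untrusted):
    """Output encoding: the browser will display the text, never interpret it."""
    return html.escape(untrusted, quote=True)


class AllowlistSanitizer(HTMLParser):
    """Rebuilds the input keeping only allowlisted tags and attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self._dropping = 0  # nesting depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self._dropping += 1
            return
        if tag not in ALLOWED_TAGS:
            return  # unknown tag is dropped; its text content is still kept
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue  # covers onclick=, onerror=, style=, ...
            if name == "href" and urlparse(value).scheme not in ("http", "https"):
                continue  # blocks javascript: and data: URLs
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self._dropping = max(0, self._dropping - 1)
        elif tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._dropping:
            # Text is re-escaped, so "1 < 2" or a decoded "&lt;" stays inert.
            self.out.append(html.escape(data, quote=True))


def sanitize_html(untrusted):
    """Sanitizing for fields that may contain limited HTML markup."""
    parser = AllowlistSanitizer()
    parser.feed(untrusted)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed sample input of the kind an attacker would post in a comment box.
    sample = '<b>hi</b><script>alert(1)</script><a href="javascript:alert(1)" onclick="x()">link</a>'
    print(encode_for_html(sample))
    print(sanitize_html(sample))
```

Output encoding belongs at the point where data is written into a page, in every template, and not only at input time, because the same stored value may later be rendered in a context the input validation never anticipated.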
Zero-day Exploit
A zero-day exploit targets a system or software vulnerability that hackers exploit before it is patched: they scan the device or software to spot a weakness and create the tools needed to launch the attack.
This is how it works!
Once the vulnerability is identified, there is a window of time before a patch or fix becomes available; within that time, attackers keep exploiting the vulnerability.
Ways to protect against Zero-day exploits
By their nature, zero-day exploits are the most difficult to detect and therefore to defend against; these vulnerabilities are highly prized not only by cybercriminals but by nation states too.
To defend against zero-day exploits:
- Constant monitoring is very important.
- Infrastructure penetration testing would be of great help in identifying the network’s vulnerabilities before hackers do.
- Keep operating systems and applications updated.
- Stick to SSL-verified certificates.
- Use virtual LANs together with a firewall.
- Secure your WiFi system to protect against wireless malware.
Eavesdropping Attack
As the name suggests, an eavesdropping attack works by intercepting network traffic; it’s how an attacker obtains credit card numbers, passwords, and other information.
Eavesdropping can be either passive or active:
- Passive: A hacker listens to the messages transmitted over the network.
- Active: A hacker disguises themselves as a friendly unit and sends queries to transmitters to grab the information; this is called probing, tampering, or scanning.
Measures to prevent Eavesdropping attack
Detecting passive eavesdropping is more important than detecting active eavesdropping, since active eavesdroppers need to gain knowledge of the friendly units using the passive approach first.
The best way to protect against eavesdropping attacks is a VPN.
Mobile threats
Why would hackers leave such a glorious avenue untouched?
According to Kaspersky Lab, almost 3.5 million pieces of malware were detected on more than 1 million user devices, while the number of new malware samples detected each day has crossed 230,000 – mostly targeting mobile devices.
Here are the top seven mobile threats drawing scary thoughts out of mobile users.
- Data Leakage: Mobile apps are often the cause of (unintentional) data leakage; “riskware” apps pose a problem for users who grant sweeping permissions without checking security. These are free apps found in all the official app stores (the 150 fake Jio Android apps, for instance) that often send personal, and potentially corporate, data to remote servers, where it is mined by cybercriminals and even advertisers; data leakage is also possible via hostile enterprise-signed mobile apps, like the unofficial Telegram app that was secretly hosting countless malicious sites.
To avoid this problem, give apps permissions only when they absolutely insist on them, and forgo any program that asks for more than necessary.
- Network Spoofing: It is when hackers set up fake access points (connections that seems like WiFi networks but are traps) in high-traffic locations say libraries, coffee shops, and airports. Often attackers will ask you to create an “account” to access these services; what if you create an account with your most-used password? Then all your accounts will be compromised.
In addition to be cautious when browsing to any free Wi-Fi, never provide your information, and if you are asked to sign up, create a unique password.
- Unsecured Wi-Fi: Would you burn through your cellular data when wireless hotspot is available? Nobody would, no matter how unsecure free Wi-Fi networks are.
To be on the safe side, only use free WiFi on your mobile device, and never access confidential or personal services – banking or credit card information.
- Phishing Attacks: Since our mobile devices are always powered on, they become the front lines of any phishing attack. According to CSO, mobile users are highly vulnerable to phishing scams, since they are the first to receive legitimate-seeming emails and often take the bait.
Email monitoring is critical, so try not to click on unfamiliar email links. On a smaller screen they are harder to verify, so always enter URLs manually.
- Broken Cryptography: As mentioned already, this happens when app developers use weak encryption, or strong encryption without a proper implementation.
Here the burden falls on developers and organizations to enforce encryption standards before deploying apps.
- Spyware: The most worrisome malware is the kind that sends data streams back to international cybercriminals or foreign powers: spyware.
Download a legitimate antivirus and anti-malware product to detect and eliminate these programs before they collect your data.
- Improper Session Handling: To facilitate ease of access, many apps use “tokens,” which let users perform many actions without re-authenticating their identity.
Use secure apps that generate new tokens with each access attempt, or “session”; apps with improper session handling unintentionally leak session tokens to malicious actors, who can then impersonate legitimate users.
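What proper session handling looks like on the server side, as an added example that is not code from the article: every login gets a fresh unguessable token, idle sessions expire, and the token is rotated after sensitive actions so a leaked token stops working. The store, the idle timeout and the injectable clock are constructed for this example.

```python
import hmac
import secrets
import time

# Constructed value for this example: seconds of inactivity before a session is dropped.
IDLE_TIMEOUT = 15 * 60


class SessionStore:
    """Minimal server-side session store (example code, not from the article)."""

    def __init__(self, now=time.time):
        self._now = now            # injectable clock so expiry can be tested
        self._sessions = {}        # token -> {"user": str, "last_seen": float}

    def login(self, user):
        """Issue a new unguessable token; never accept a caller-supplied one."""
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self._sessions[token] = {"user": user, "last_seen": self._now()}
        return token

    def user_for(self, token):
        """Return the user bound to a live token, or None if unknown or expired."""
        # Constant-time comparison so lookups do not leak token bytes via timing.
        match = next((t for t in self._sessions
                      if hmac.compare_digest(t.encode(), token.encode())), None)
        if match is None:
            return None
        entry = self._sessions[match]
        if self._now() - entry["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[match]       # idle session: drop it
            return None
        entry["last_seen"] = self._now()    # sliding expiry on each use
        return entry["user"]

    def rotate(self, token):
        """Swap the token for a fresh one, e.g. after a password change or privilege step-up."""
        user = self.user_for(token)
        if user is None:
            return None
        del self._sessions[token]           # the old token stops working immediately
        return self.login(user)

    def logout(self, token):
        """Invalidate the token server-side; a copy held elsewhere is now useless."""
        self._sessions.pop(token, None)
```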
Sources of cybersecurity attacks
Cyber threats come from many places, people and contexts, including:
- Individuals using their own software tools
- Industrial spies
- Criminal organizations, with a large number of employees developing attack vectors
- Nation states
- Organized crime groups
- Business counterparts
Nation states are often the source of the most serious attacks; some plan basic espionage – to learn another country’s secrets – while others plan massive disruption.
Many cyber threats are traded on the “dark web,” a disorganized yet widespread criminal cesspool of the Internet, where wannabe hackers buy malware, ransomware, credentials of breached systems, and more. The dark web is a multiplier for threats, where a hacker can spread his or her creation over and over.
Some Takeaways!
Cyber defense gets easier if we know hackers’ favorite moves; we’ve shared a detailed list of the cyber offenses that hackers around the world are using to disrupt and compromise information systems.
Have you noticed that a hacker has so many options – malware, DDoS, man-in-the-middle, brute force, password guessing, and more – to gain unauthorized access to infrastructure and data?
The question is, do we have enough measures to mitigate them?
We have played our part, the rest is up to you.
It’s your cyberwar; take control into your own hands.