Do you follow suspicious links from e-mail? Forget to update the system? Do not have two-factor authentication? Congratulations, you are at risk. The number of cybercrime continues to grow and hackers become more sophisticated every day, finding increasingly clever ways to bypass safeguards.
However, the main types of attacks do not change, they have been known for many years. Hackers operate under the principle “Why come up with something new, if the old one works well.” Let’s look at the five most popular hacker attacks and how to protect against them.
Phishing is a way of hacking through emails in which hackers try to deceive a user and force him to transfer login and password from some service, other credentials or personally identifiable information.
An email can be sent as a notification from the bank or a message from a friend. Using the e-mail protection program will help to detect suspicious links and block spam and messages with malicious attachments. Multi-factor authentication (when question challenges or info sent via text) will help to protect the account even if the password was stolen.
Malware and Ransomware
Malicious software, commonly known as malware, is any software that brings harm to a computer system. Usually, malware infects a computer or computing device when a user opens an e-mail attachment or goes to a link to a malicious site. Ransomware is specialized malware that, when infected, encrypts all files in the system and prevents users access to data until the ransom is paid.
Users vigilance can help recognize dubious requests and suspicious files timely. In addition, endpoint security software should be used to help protect the network should a device become infected.
Hackers can exploit vulnerabilities in system software and web applications to execute unauthorized code, gaining access to the system or stealing information. You can remember the example of Equifax — its Apache Struts web framework was not updated in time, and this led to 143 million social security numbers (in the US this is an important taxpayer identification number), addresses, license numbers and credit cards. There is software for vulnerability scanning, and it tries to find systems that require updates and warn the user.
Potentially Unwanted Programs
Potentially unwanted programs (PUPs) is spyware, Trojans, or adware. Usually they are installed together with another, useful program, which a user has downloaded. Such programs can secretly record all keystrokes, scan your hard drive files and read cookies from the browser. To protect yourself from this threat, do not download or install apps, browser extensions, or other programs from untrusted websites. In addition, it is worth configuring a regular backing up of your system to an external drive or online backup service.
A hacker can access a user account with a brute-force attacks when a special automated tools goes through a lot of login and password options, usually using the dictionary and other passwords stolen earlier, until they successfully log in. To prevent account hijackings, you need to create an account “lockout” after a designated number of failed login attempts. It is also possible to defend against automatic entry attempts using a quick challenge-response test that distinguishes a human from a robot, for example reCAPTCHA.
Large corporations (like ordinary users) have become more responsible for protecting against cyberthreats, and more software products are appearing on the market to ensure the security of a single device or an entire network. Nevertheless, it is impossible to count only on software solutions — no matter what the sellers of these programs say, their effectiveness is not absolute.
According to the Ponemon Institute’s 2017 Cost of Data Breach Study, the average time to detect malicious and criminal attacks last year was 214 days, average time to contain them was another 77. It turns out that the attacker has a year for they dark work!
If you are the owner of a company, you need to develop and implement a comprehensive strategy for detecting and responding to threats — if you don’t have your own qualified IT team, outsource specialists should be involved. And if you are an ordinary user, follow the tips above and don’t rely only on anti-malware software.