Protecting ourselves against hackers

Protecting ourselves against hackers concerns us all​

How do we go about protecting ourselves against hackers?

Well as we indicated in our previous post, Protecting remote workers against hackers, it all comes down to educating ourselves on cybersecurity and cyberthreats. The more we know about cybersecurity and the cyberthreats we all face, the better equipped we are when it comes to fending off hacking attempts.

Understanding cyberthreats

Before we look at what we can do to protect ourselves against hacking attempts, it’s important to know and understand the various cyberthreats we all face. So here a little bit of context.

What is hacking?

The definition of hacking according to the Oxford Dictionary is: the activity of using computers to get access to data in somebody else’s computer or phone system without permission.

What is a hacker?

Again, according to the Oxford Dictionary, the definition of hacker is: a person who uses computers to get access to data in somebody elses computer or phone system without permission.

There are two (2) kinds of hackers.

  • There’s the White Hat hacker who is a good guy.
    • He will test your IT infrastructure to find vulnerabilities and report on them, so the appropriate measures and mechanisms can be put in place and prevent unauthorized access.
  • And then there’s the Black Hat hacker. This is the guy we need to worry about
    • Black Hat hackers steal information for profit and/or to cause harm to his victims.

This lengthy post is all about protecting ourselves against the threat Black Hat hackers pose to everyone, every business, institution, organization, and governments in general.

Hacking and hackers have existed ever since the first computer came to be. With the arrival of the first personal computers and electronic forums such as CompuServe and Arpanet (precursor to today’s Internet), the threat from hackers only increased. With the advent of the Internet that treat increased exponentially. Here’s why.

The Internet has increased the level of threat we face from hackers

The World Wide Web (WWW) or Internet as we commonly refer to it, is far bigger than most people realize. If we break it down and put it in simple terms, the WWW consists of

The Surface Web

This is the Internet that we've all come to know and rely on and, in many cases, many of us use daily.

From email to social networks, from video conferencing to voice-over IP (VoIP) and other on-line services, no matter where you are on the planet, it connects us all in a variety of different ways

It’s estimated the Surface Web consists of over 5,000,000,000 pages, with more being added every day

The Deep Web

The Deep Web is much bigger than the Surface Web.

It consists of protected pages that can’t be accessed without some types of login credentials and user authentification..

Such pages include banking websites, government agencies, e-commerce websites, corporate intranets and many other protected sites, portals and pages

The Dark Web

The Dark Web is a section of the Internet that’s hidden from everyone and can’t be accessed through a conventional browser.

The Dark Web exceeds both the Surface Web and the Deep Web in size.

It's a gigantic marketplace, where all sorts of illicit and illegal activities and trading are taking place, every minute of every day.

Now that we have a better understanding of what the world wide web (WWW) consist of, what exactly do we have to protect ourselves against? In a word, attacks.

Hackers launch various types of attacks in the hope of gaining access to private and sensitive information, that they can than turn around and use to their own benefit or sell. It goes without saying that what’s to a hacker’s benefit isn’t going to be good for his victims!

Cyberthreats can be found virtually everywhere on the internet

Contrary to what many say and believe, the Internet is still very much like the wild-wild-west of old. You have some good things going on as well as a lot of shenanigans. Some of those shenanigans are just pranks, whereas others can have some extremely severe consequences.

Hackers are constantly innovating and creating new ways to attack unsuspecting and often ill protected users.

Therefore, it's important to know what we're up against and what to do to protect ourselves against those cyberthreats.

As the old saying goes, an ounce of prevention is better than a pound of cure. When it comes to protecting our private and confidential information, which we all have (ex: banking login credentials, credit card details, social security number, etc...), those words never rang more true!

Types of cyber attacks

There are twenty (20) types of common cyber attacks, that we’ve known about for decades. Regardless of who and what you are, all of us need to know how to defend ourselves against them. We’ll talk about those shortly.

There is however a new form of attack that was identified in 2019 by IBM, that everyone needs to be aware of. 

This new threat is called warshipping. Although it is said to have been first discussed in 2008 at a DEFCON hacker conference, only recently did it become reality.

What is warshipping?

Warshipping is the ability to break into someone’s Wi-Fi network from afar.

Unlike wardriving, which consist of hackers driving around with a bidirectional antenna, looking for wireless network signals they can crack, warshipping uses inexpensive off-the-shelf components available in many electronic stores (think RadioShack or The Source in Canada) to build a single-board computer with 3G and WI-FI capabilities, that’s powered by a cell phone battery.

Without going into too much details (you can read the Infosecurity article for that), this small device can be hidden in a package delivered by the postal service, UPS, FedEx or any of the many other courier services so many of us use. Once the package reaches its destination:

  • It connects to the local WI-FI network, harvests the data locally and then using its cellular connection, sends it to a remote location .
  • If it ends up in a mail room where it can often sit around for a long period of time, it can mount a man-in- the-middle (MITM) attack, which we’ll again outline later on, where it impersonates a legitimate WI-FI access point and tricks users into accessing it. Once the users do, it collects their user credentials and other sensitive information which again, via it’s cellular connection, it sends out to a remote location

Once the hacker has the information the device collected, using any number of cracking resources, they can extract valuable data, allowing them to gain access to the victims’ network and connected devices.

IBM has demonstrated that this type of attack is real. So bottom line, whether you’re a corporation, a bank, a government agency, or an individual, if you have access to sensitive information that is valuable and coveted, carefully examine any and all packages you received, to make sure said package doesn’t have an uninvited guest along with the contents you expected.

Twenty (20) most common types of cyber attacks

Here is a list of the most common attacks that cybersecurity and IT professionals have known about for decades.

Knowing about these threats should not be limited only to IT and cybersecurity professionals. We all need to learn more about them and how we go about protecting ourselves.

Basically, these types of attacks overwhelm a system to the point that it crashes and becomes vulnerable to other types of more targeted attacks.

Bottom line, Man-in-the-middle (MITM) attacks is basically spying. It refers to breaches in cybersecurity that make it possible for an attacker to eavesdrop on the data sent back and forth between two people, networks, or computers.

More often than not, a phishing attack consists of malicious emails being made to appear as coming from legitimate sources. The intention here is to gain access to sensitive information and use that information nefariously.

Basically, the same as phishing attacks BUT, going after big fish such as executives and board members of fortune 500 and fortune 100 companies.

Again, basically the same as phishing attacks but this time, targeting a very specific individual that was extensively researched

This is a type of attack that we hear and read about quite often these days.

Ransomware is code that was downloaded either from a website or from an email attachment. Once the code is in place and executes, the computer systems are being held hostage and, become either useless or are re-programmed to do harm, until such time as a ransom is paid to the attacker.

As the name implies, this type of attack is aimed at finding out passwords which then allows the attacker to access the systems without raising suspicion. Password attacks can be simple or complex as one can see.

  • The attacker can simply try and guess the password which, if it’s something that’s easy to remember like “12345678”, doesn’t really require much effort on the attacker’s part.
  • When users write their passwords on a piece of paper or post it note they then stick to a monitor, the attacker only has to read and write the information or pay someone to do it.
  • If unencrypted data circulates on your network, the attacker can intercept that information and grab your password.
  • A user is asked to do something where he needs to enter his password and, a keylogger that was installed on the computer grabs that info and send it out to the attacker
  • Social engineering is where the attacker researches the targeted individual and uses things such as birthdays, name of his spouse and children, pet names, hobbies and/or a combination of all of the above, just to name a few, to guess the target’s password and /or using a small program that runs all of the possible combinations and permutations, lauches a brute force attack

Considering the victims of these attacks are governments, financial institutions, large corporations and the likes, these attacks can have far reaching impacts.

SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation, to access to information that was not intended to be displayed.

This information may include any number of items, including, just to name a few,:

  • Sensitive company data
  • User lists
  • Private customer details

This consists in altering or fabricating URL addresses (URL poisoning) in order to gain access to the targets’ personal and / or  professional information, as well as areas that are inaccessible.

The attacker alters or spoofs the Domain Name System (DNS), in order to send users to fake websites he has total control over, where users are asked to enter information the attacker than grabs.

This is a MITM (man-in-the-middle) attack where the attacker takes control of a session between the client and the server. This is done by substituting the IP address of the client for one the attacker fully controls

As mentioned previously in password attacks, this is where the attacker uses small programs (i.e.: bots), to bombard a system in order to guess the user’s password and, gain access to his intended target

Using tactics such as SQL Injection and cross-site scripting (XSS), web attacks target vulnerabilities in web-based applications

This is one of the hardest types of attacks to fight off as it comes from within. Think here of a current employee who already has access to your systems, knows a thing or two about them and, uses that knowledge to gain access to things he shouldn’t.

It could also be a computer savvy disgruntled ex-employee whose login credentials haven’t been purged from the system (happens more often than you think) who remotely accesses your systems with the intention of causing harm.

Trojan horses are malicious pieces of codes residing in legitimate software applications, that open backdoors to your systems that hackers can then exploit.

This is malicious code (i.e.: malware) embedded in an unsecure website. Whenever a user visits that site, the code executes and infects the user’s computer

This is basically malicious code (scripts) residing in clickable objects (ex: JavaScripts) on a website, that then gets sent to the user’s browser and quietly sits there, waiting to exploit vulnerabilities.

Going forward, whenever you access that site (or any other the script was programmed to target), if there are indeed vulnerabilities to be exploited, that malicious code (i.e.: malware) executes and the hacker substitutes the website’s code for his.

The injected code can simply be adding spam content to a webpage or the entire website but, it can also insert code that will launch phishing attacks.

As the name implies, this time of attack consists in waiting silently and grabbing whatever information such as login credentials, credit card information and other private and sensitive details that circulates on an unsecured and unencrypted network. It can be either passive or active.

  • Passive eavesdropping is where the hacker listens in and grabs whatever information he needs
  • Active eavesdropping is where a program is placed on the network where it collects data the hacker can analyze at will.

This consists of abusing a security feature such as a hash algorithm used to authenticate. The hash algorithm is a digital signature. If the hacker can create a hash that’s identical to the user’s signature hash appended to their messages, the hacker can replace the user’s message with his own and the receiving device won’t be the wiser.

As the name implies this is malicious software.

Malware infects computers where it can destroy data, spy on the infected machine and / or network as well as infect other systems.

Malware takes many forms mentioned here such as MITM attacks, phishing, ransomware, SQL injection, Trojan horses, drive-by attacks, and XSS attacks.

For malware attacks to occur there needs to have been user interaction. This interaction can consist of having done things such as:

  • Visiting a malicious website where a piece of code was residing (XSS attack) and attached itself to the user’s browser.
  • Installing a software that had malicious code (trojan horse attack) in it.
  • Clicked on a malicious link in an email (phishing attack) that sent the user to a malicious site.
  • Opened an email attachment (phishing attack) that contained malicious code that installed on the user’s computer.

Now that we know who and what we need to worry about, it’s time to talk about what we can do to protect ourselves against those cyberthreats.

Cybersecurity

Basic countermeasures

Going back to our previous post on Protecting remote workers against hackers and as stated earlier herein, it all starts with educating users. Which is what this post is all about. This being said, the basic measures we can all take to protect ourselves against hackers are:

  • Installing a reliable Internet security software that also includes a firewall on all your connected devices.
    • Software packages like Norton 360, Kaspersky internet security, Panda Dome Advanced for example will address those.
  • Use strong password that are hard to guess and therefore crack.
    • If you have too many passwords and it’s hard for you to remember them, many security software packages have a secure password manager you can use to store your credentials.
  • Monitor intrusion attempts.
    • Again, many security software packages have that capability and send alerts whenever an intrusion attempt is detected and blocked.
  • Make sure all the updates, upgrades and patches for your operating system and Internet security software package are installed as they are released.
  • Talk about and repeat often that cybersecurity is not to be taken lightly. The more people are aware and taking appropriate measures, the more secure we all are

Advanced countermeasures

If you are a business or any kind of large organization, there are additional measures that can be put in place to enhance security and prevent your information from ending up in the wrong hands. Such measure include:

  • Controlling access. This can include:
    • Controlling physical access to premises and computer network infrastructures.
    • Using application controls to restrict user access to data and services.
    • Controlling ports on computers connected to your network, so no external devices (ex: USB keys) can be used to copy data on them. Devices that the user can then take with him or her as he / she walks out the door.
    • Have content filtering security software and / or appliance to filter out malicious emails, attachments and websites
  • Use a hardware firewall appliance to protect your network from the outside world as well as internal sections of your network.
  • Use VPNs to provide secure and authorized remote access.
    • Also provide VPN clients to your users. This will enable them to securely access your companies IT resources from remote locations.
  • Have a local backup solution in place that is complemented by backup cloud services.Our article on Edge and cloud computing illustrates how these two (20) technologies complement each other as well as the importance of having hybrid infrastructures in place.
    • If all your information is gone or corrupted after being the victim of a hack, your backup will enable you to restore your information.
    • Make sure you backup your data daily. In so doing, should something severe happen, you can do a complete restore of your data, Which means you may loose only a few hours as opposed to days, weeks or longer!

Once all these measures are in place, it will make it harder for anyone to steal your valuable information. HOWEVER, you “may” also want to consider using the services of a White Hat hacker just to make sure everything is secure.

A white Hat hacker will perform an ethical hacking mandate which includes intrusion attempts (commonly referred to as penetration testing)and provide you with a report of what his findings.

If that report includes vulnerabilities, part of an ethical hacking mandate also includes in the report, various recommendations and measures that can be taken to remedy the situation.

Conclusion

You and your confidential data are now secure

there you have it. You can now rest easy knowing that you've done all that needs to be done to make sure that your private and confidential information is safe and secure.

Just bear in mind that as stated earlier, hackers are constantly innovating and coming up with new ways to get access to things they shouldn't have.

Therefore, that means that cybersecurity and protecting against cyberthreats in an on-going process. One that none of us can overlook. We must all be vigilant and keep the measures in place up to date and up to par as well

Data Telcom specializes in selling and buybacks of networking and telecommunications equipment, servers, storage systems and associated peripherals from industry leaders such as Cisco, Juniper, Avaya, Extreme Networks, Brocade, Polycom, HPE, IBM, Lenovo, Dell and many others.

If you ‘re looking to buy reliable, efficient and above all inexpensive equipment or, you have equipment on hand that you no longer use, take advantage of our services. We guarantee you won’t be disappointed!

Ask us for a quote and discover how buying IT hardware products from us can
Do you have old equipment you’re no longer using? Discover how, through our buyback program, you can

Share us on social medias

Partager sur linkedin
LinkedIn
Partager sur twitter
Twitter
Partager sur facebook
Facebook
Partager sur email
Email
Partager sur print
Print

Laisser un commentaire

Votre adresse courriel ne sera pas publiée. Les champs obligatoires sont indiqués avec *