CYBER SECURITY THREATS YOU MUST KNOW
In this technological world, there are many chances to fall prey to cyberattacks. So it is all the more important to make everyone aware of the cyber threats that are in the wild.
When you leave your home, do you make sure to lock the doors? Then what about the windows? A burglar who really wants to get into your home will always find a way to get in. It’s the same with your connected devices and network. There are many ways that a threat actor can gain access to your network and information on your devices.
Types of threats
Attacks on a network can be devastating, resulting in loss of time and money due to damage or theft of information or assets. Intruders can gain access to a network through software vulnerabilities, hardware attacks, or even through some of the modern techniques like guessing usernames and passwords.
Intruders who gain access by manipulating software or exploiting vulnerabilities are called threat actors.
Information theft
Information theft is breaking into a system to obtain confidential information. This information can be used or sold for various purposes.
Data loss and manipulation
Data loss and manipulation is breaking into a computer to destroy or alter data records. An example of data loss is a threat actor sending a virus that reformats a computer's hard drive. An example of data manipulation is breaking into an organization's record system to change information, such as the price of an item.
Identity theft
Identity theft is a form of information theft in which personal information is stolen for the purpose of taking over someone's identity.
Disruption of service
Disruption of service is preventing legitimate users from accessing services to which they are entitled. Examples include denial of service (DoS) attacks.
Social Engineering
One of the easiest ways to gain access, whether internal or external, is by exploiting human behavior. One of the more common methods of exploiting human weaknesses is called social engineering.
Social engineering is a term that refers to the ability to influence the behavior of a person. In the context of computer and network security, social engineering refers to a collection of techniques used to manipulate internal users into performing a specific action or revealing confidential information. Below are some of the social engineering attack types:
Phishing
Phishing is a type of social engineering where the phisher pretends to be a legitimate person. The phisher typically contacts the individual through email or some form of text message.
Vishing (Phone Phishing)
Vishing is a new form of social engineering that uses Voice over IP (VoIP). In vishing, a voice mail is sent to users instructing them to call a number that appears to be legitimate. The call is then intercepted by a thief, and the confidential information is stolen.
Pretexting
Pretexting is a form of social engineering where an invented scenario is used on a victim in order to get the victim to release information or perform an action. This often requires some prior knowledge or research.
Malware
In addition to social engineering, there are other types of attacks, launched by malicious software, that exploit vulnerabilities in computer software. Examples of malware are viruses, spyware, worms and Trojan horses.
I have written a detailed blog about Malware. You can go through the below link for more detailed information about malware.
Denial of Service (DoS)
These are aggressive attacks on an individual computer or a group of computers with the intent to deny services to the users. A threat actor uses a DoS attack to perform the following functions:
- Flood a network, host, or application with traffic to prevent users from accessing the service.
- Disrupt the connections between a client and server to prevent access to a service.
There are several types of DoS attacks. Two common DoS attacks are:
- SYN (synchronous) flooding: This is when a flood of packets is sent to a server requesting a client connection. The flooded packets contain invalid source IP addresses.
- Ping of death: This occurs when a packet that is greater in size than the maximum allowed by IP (65535 bytes) is sent to a device. This causes the receiving system to crash.
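The ping of death relies on IP fragments whose offset plus length runs past the 65535-byte limit, so a receiver or filter can reject such a fragment before reassembly. The following is an added example, not part of the original post, showing that bounds check on constructed IPv4 headers; the function names and sample addresses are assumptions made for illustration.

```python
import struct

MAX_IP_DATAGRAM = 65535  # largest datagram IP allows, as stated above


def build_header(total_length, frag_offset_units, more_fragments=False):
    """Constructed sample input: a 20-byte IPv4 header (checksum left as 0)."""
    flags_frag = (int(more_fragments) << 13) | frag_offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, 0x1234,
                       flags_frag, 64, 1, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))


def fragment_end(header):
    """Byte position where this fragment's data ends once reassembled,
    counting the IP header (assumed to be the same length in every fragment)."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_length, _ident, flags_frag = struct.unpack(
        "!BBHHH", header[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    header_len = (ver_ihl & 0x0F) * 4
    if header_len < 20 or total_length < header_len:
        raise ValueError("malformed length fields")
    offset_bytes = (flags_frag & 0x1FFF) * 8  # offset field counts 8-byte units
    return header_len + offset_bytes + (total_length - header_len)


def is_oversized(header):
    """True if reassembling this fragment would exceed the IP size limit."""
    return fragment_end(header) > MAX_IP_DATAGRAM


if __name__ == "__main__":
    samples = {
        "ordinary echo request": build_header(84, 0),
        "last fragment, exactly at limit": build_header(23, 8189),
        "last fragment, past limit": build_header(1500, 8189),
    }
    for name, hdr in samples.items():
        print(f"{name}: end={fragment_end(hdr)} oversized={is_oversized(hdr)}")
```
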
Distributed Denial of Service (DDoS)
A DoS attack comes from a single IP address and disrupts a website for a period of time until the attack can be isolated. Distributed Denial of Service (DDoS) is a more sophisticated and potentially damaging form of the DoS attack. It operates on a much larger scale than DoS attacks. Typically hundreds or thousands of attack points attempt to overwhelm a target simultaneously.
The attacking points may be unsuspecting computers that have been previously infected by the DDoS code. This group of infected computers is called a botnet.
Brute Force
Not all attacks that cause network outages are specifically DoS attacks. A brute force attack is another type of attack that may result in denial of service.
With brute force attacks, a fast computer is used to try to crack or guess passwords or to decipher an encryption code. The attacker tries a large number of possibilities in a rapid manner to gain access or to crack the code. A brute force attack can cause a denial of service due to excessive traffic to a specific resource.
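Because a brute force attack tries many possibilities in a short time, it shows up in authentication logs as a burst of failures from one source. The following is an added example, not part of the original post, that flags such bursts with a sliding time window; the log format, threshold and window size are assumptions, and the log lines are constructed sample data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, in time order: "<timestamp> <OK|FAIL> user=<name> src=<ip>"
SAMPLE_LOG = """\
2024-05-01T09:00:00 FAIL user=bob src=198.51.100.20
2024-05-01T09:10:00 FAIL user=bob src=198.51.100.20
2024-05-01T09:20:00 FAIL user=bob src=198.51.100.20
2024-05-01T09:21:00 OK user=bob src=198.51.100.20
2024-05-01T10:00:00 FAIL user=admin src=203.0.113.5
2024-05-01T10:00:02 FAIL user=admin src=203.0.113.5
2024-05-01T10:00:04 FAIL user=admin src=203.0.113.5
2024-05-01T10:00:06 FAIL user=admin src=203.0.113.5
2024-05-01T10:00:08 FAIL user=admin src=203.0.113.5
2024-05-01T10:00:10 FAIL user=admin src=203.0.113.5
""".splitlines()


def find_bruteforce_sources(lines, max_failures=5, window=timedelta(seconds=60)):
    """Return {source: time of alert} for every source that reaches
    max_failures failed logins inside one sliding window."""
    recent = defaultdict(deque)   # source -> timestamps of recent failures
    flagged = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[1] != "FAIL":
            continue              # skip successes and lines we cannot parse
        when = datetime.fromisoformat(parts[0])
        source = parts[3].partition("=")[2]
        failures = recent[source]
        failures.append(when)
        while when - failures[0] > window:
            failures.popleft()    # forget failures older than the window
        if len(failures) >= max_failures and source not in flagged:
            flagged[source] = when
    return flagged


if __name__ == "__main__":
    for source, when in find_bruteforce_sources(SAMPLE_LOG).items():
        print(f"possible brute force from {source} at {when.isoformat()}")
```

The slow, spread-out failures from 198.51.100.20 stay below the threshold, while the rapid burst from 203.0.113.5 is flagged on its fifth failure.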
These are some of the most common threats related to network security, but there are several other cyber attacks in the wild.
Happy learning!!