Top 10 Cybersecurity Threats
9 October 2020, SafeAeon Inc.
Phishing
Phishing is a type of cyber attack used to gather sensitive information such as login credentials, credit card numbers, bank account numbers, or other financial information. The attack tricks the victim into believing that an e-mail comes from a legitimate source, such as a request from their bank or a note from someone in their company, so that the victim clicks on a link or downloads an attachment.
In 1994-1995, AOL was thriving as the number-one Internet service provider (ISP); millions of people used its services each day. In mid-1994, a hacker called “DA Chronic” developed a Windows application named “AOHell” and integrated the first-ever phishing toolkit, “CC/PW Fisher”, which exploited AOL’s direct messaging system. The hacker obtained personal credentials by sending direct messages to ordinary users. This was the first phishing attack ever recorded.
“Phishing is the simplest kind of cyber attack and, at the same time, the most dangerous and effective.”
The main steps used in phishing are:-
- Upload a phishing kit.
- Send phishing e-mails to the users.
- The victim visits the phishing page (hacked site).
- The victim inputs his/her credentials.
- The phisher/hacker fetches those e-mail credentials and hijacks the victim’s account.
Ransomware
Ransomware is made up of two words, ransom and malware: a ransom is money demanded by kidnappers for the release of captives, and malware is malicious code used to damage or disrupt the victim’s computer system. So ransomware is a type of malware used to hijack the victim’s network or data, with a ransom demanded to return access to the victim.
The first ransomware attack took place in 1989 and is known as the “AIDS Trojan.” It was initiated by Joseph Popp, Ph.D., an AIDS researcher, who distributed 20,000 floppy disks to AIDS researchers spanning more than 90 countries, claiming that the disks contained a program that analyzed an individual’s risk of acquiring AIDS through a questionnaire. However, the disk also included a malware program that initially stayed inactive, only activating after the computer had been powered on 90 times. Once the 90-start threshold was reached, the malware displayed a message demanding a payment of $189, and another $378 for a software lease.
If your computer is infected with ransomware, these are the essential steps you can take on Windows 10:-
- Reboot Windows 10 into safe mode.
- Install antivirus/antimalware software.
- Scan your system to find the ransomware program.
- Restore the computer to a previous state.
To prevent ransomware:-
- Install antivirus software on your system, which detects malicious programs like ransomware as they arrive.
- Keep your operating system patched and updated from time to time so that there are fewer vulnerabilities to exploit.
- Don’t install software or give it administrative privileges unless you are fully aware of what it is and what it does.
Brute Force Attack
A brute-force attack is a hacking technique used to crack a password or find a hidden web page by trial and error, guessing credentials from a username list or password list. In a brute-force password attack the attacker does not exploit any vulnerability in the web application; they try all possible combinations and permutations of the victim’s username and password and see whether any of them grants access. The attacker tries every possible password (lowercase letters, capital letters, numbers, and special characters) until a solution is found.
An attacker tries to guess one of three things using brute force:-
- A user or an administrator password
- A password hash key
- An encryption key
GitHub faced the most significant brute-force attack of 2013. During this attack, researchers identified brute-force login attempts coming from close to 40,000 unique IP addresses. It is still unknown where the list of “weak” passwords came from.
The e-commerce platform TaoBao was hit by a massive brute-force attack in February 2016, in which 99 million usernames and passwords were used to brute-force existing TaoBao accounts. One in five attempts was successful.
To prevent brute-force attacks:-
- Use two-factor authentication.
- If anyone tries to log in with wrong credentials more than five times, the user must be blocked.
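The lockout rule above, and the GitHub pattern of many sources hammering one service, both reduce to counting consecutive failures per key. This added example (not code from the original post) does that over constructed sshd-style log lines; the host names, addresses and the sshd message format it matches are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sshd-style log lines (hypothetical host and addresses, not from the page).
SAMPLE_LOG = """\
Oct  9 10:00:01 web1 sshd[2201]: Failed password for admin from 203.0.113.7 port 51122 ssh2
Oct  9 10:00:03 web1 sshd[2201]: Failed password for admin from 203.0.113.7 port 51123 ssh2
Oct  9 10:00:04 web1 sshd[2201]: Failed password for root from 203.0.113.7 port 51124 ssh2
Oct  9 10:00:06 web1 sshd[2201]: Failed password for admin from 203.0.113.7 port 51125 ssh2
Oct  9 10:00:07 web1 sshd[2201]: Failed password for alice from 198.51.100.2 port 40001 ssh2
Oct  9 10:00:09 web1 sshd[2201]: Accepted password for alice from 198.51.100.2 port 40002 ssh2
Oct  9 10:00:10 web1 sshd[2201]: Failed password for admin from 203.0.113.7 port 51126 ssh2
Oct  9 10:00:12 web1 sshd[2201]: Failed password for admin from 203.0.113.7 port 51127 ssh2
Oct  9 10:00:13 web1 sshd[2201]: Failed password for admin from 203.0.113.7 port 51128 ssh2
"""

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPT_RE = re.compile(r"Accepted password for (\S+) from (\S+) port")

def failure_counts(log: str, key: str = "user") -> dict:
    """Consecutive failed logins keyed by 'user' (the page's lockout rule) or by
    'ip' (the GitHub-style many-sources pattern). A successful login resets the key."""
    group = 1 if key == "user" else 2
    counts = defaultdict(int)
    for line in log.splitlines():
        failed = FAILED_RE.search(line)
        if failed:
            counts[failed.group(group)] += 1
            continue
        ok = ACCEPT_RE.search(line)
        if ok:
            counts[ok.group(group)] = 0
    return dict(counts)

def to_block(log: str, key: str = "user", threshold: int = 5) -> list:
    """Users or sources with more than `threshold` failures in a row: block them."""
    return sorted(k for k, n in failure_counts(log, key).items() if n > threshold)
```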
Malware
Malware, short for malicious software, is computer software designed to damage, infiltrate, disrupt, or gain unauthorized access to a system without the user’s consent or knowledge. Malware is typically delivered as a link or file over e-mail and executes when the user clicks on it.
The following are examples of the different types of malware:-
In 1971, Creeper was an experiment designed by Bob Thomas to test how a program might move between computers. Creeper gained access via ARPANET and copied itself to the remote system, where it displayed the message: “I am creeper, catch me if you can.”
In 2005, the Koobface virus became one of the first instances of malware to infect PCs and then propagate to social networking sites. Rearranging the letters of “Koobface” gives “Facebook.” The virus also targeted other social networks such as MySpace and Twitter.
In 1986, malware authors disguised one of the earliest Trojans as a popular shareware program called “PC-Writer.” Once it entered a system, it would erase all of the user’s files.
In 2010, when the Stuxnet worm was released, security analysts openly speculated that this malicious code was designed with the express purpose of attacking Iran’s nuclear program and included the ability to impact hardware as well as software. This sophisticated worm is believed to be the work of an entire team of developers, making it one of the most resource-intensive pieces of malware created to date.
To prevent malware:-
- Install antivirus software on your system and update it from time to time.
- Keep your operating system up to date and secure your network.
- Don’t use open Wi-Fi.
Distributed Denial of Service (DDoS)
A DDoS attack is one in which an attacker sends a flood of requests from multiple sources to exhaust the bandwidth or resources of the targeted system. The main goal of the attack is to make its services unavailable.
Such attacks target a wide variety of essential resources, such as banks and news websites, and pose a significant challenge to making sure people can publish and access important information.
For businesses such as e-commerce, for which availability is the primary requirement, a successful DDoS attack can cost a huge amount of business.
The first DDoS attack took place on 22 July 1999. A computer at the University of Minnesota suddenly came under attack from a network of 114 other computers infected with a malicious script called Trin00.
The code caused the infected computers to send redundant data packets to the university, overwhelming its network and preventing it from handling legitimate requests. The attack knocked out the university’s computers for two days. The technique spread like wildfire: within months many websites became victims, including Yahoo, Amazon, and CNN. Each was flooded with data packets that prevented it from accepting legitimate traffic, and in each case the malicious packets came from a network of infected computers.
To prevent DDoS attacks:-
- Secure your network infrastructure.
- Create a denial-of-service response plan.
- Understand the warning signs.
Man In The Middle Attack
A man-in-the-middle attack is one where an attacker eavesdrops on a conversation between a sender and a receiver, impersonates both sides, and gains access to the information they were trying to send to each other.
This allows the attacker to intercept, send, and receive data meant for someone else, or data that was never meant to be sent at all, without either party knowing until it is too late.
The aim of this attack is to steal personal information, such as login credentials, credit card numbers, and account details. The main targets are the users of financial applications, software as a service (SaaS) businesses, e-commerce sites, and other websites where logging in is required.
In 2015, a cybercriminal group in Belgium stole a total of $6 million through man-in-the-middle attacks on large European companies. The hackers gained access to corporate e-mail accounts and requested money from clients using the hacked accounts.
According to Europol’s official press release, the group’s modus operandi involved malware and social engineering techniques. Once they had found a way in, they carefully monitored communications to detect and control payment requests. A man-in-the-middle attack is carried out in two phases: interception and decryption.
The first phase intercepts user traffic through the attacker’s network before it reaches its intended destination; this is commonly done with one of IP spoofing, ARP spoofing, or DNS spoofing. After interception, any two-way SSL traffic needs to be decrypted without alerting the user or application, which is achieved with methods such as HTTPS spoofing, SSL BEAST, and SSL hijacking.
SQL Injection
SQL injection is a type of cyber attack in which the attacker injects malicious input into a login field and manipulates the database through the SQL queries built from that input. It is a web security vulnerability that allows an attacker to interfere with the queries an application makes to its database. SQL injection can allow an attacker to view, modify, or delete data.
According to the Vulnerability Statistics report, SQL injection represents 5.5% of all vulnerabilities. One of the most damaging SQL injection attacks took place when hackers attacked Heartland Payment Systems to gain access to 100 million cards, causing $300 million in losses.
Today, SQL injection is at the top of the OWASP Top 10.
To prevent SQL injection:-
- Do not use dynamic SQL.
- Update and patch vulnerabilities.
- Buy better software.
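“Do not use dynamic SQL” is the fix that matters most, and the following added example (not code from the original post) shows why: a login check that pastes the login-field input into the query text beside the same check using bound parameters, run against a constructed in-memory SQLite table. The table, account and hash value are assumptions for illustration.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """In-memory users table with one constructed account (hypothetical data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'hash-of-alices-password')")
    return conn

def login_dynamic_sql(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """VULNERABLE ('dynamic SQL'): the login-field input is pasted into the query text,
    so a quote character in the input changes the structure of the query itself."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password_hash = '%s'"
             % (username, password_hash))
    return conn.execute(query).fetchone()[0] > 0

def login_parameterized(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """HARDENED: bound parameters keep the input as data; the query structure is fixed
    before any user-controlled value is seen, so the same input simply fails to match."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(query, (username, password_hash)).fetchone()[0] > 0

# The textbook tautology typed into the password field of a login form.
TAUTOLOGY = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("dynamic SQL, no valid account:", login_dynamic_sql(db, "nobody", TAUTOLOGY))     # True
    print("parameterized, no valid account:", login_parameterized(db, "nobody", TAUTOLOGY))  # False
```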
Zero-Day Attack
A zero-day attack occurs at the “zeroth hour,” i.e., the attacker strikes as soon as a vulnerability is spotted in an application, before the developers can do anything to stop it. They can only apply patches at a later stage to temporarily fix the problem before releasing fully-fledged updates.
Steve Morgan, founder and editor-in-chief of Cybersecurity Ventures, an online security research organization, predicts that zero-day exploits will rise from one attack per week in 2015 to one per day by 2021.
In late 2014, Sony Pictures was also the victim of a zero-day exploit. A hacker group calling itself the “Guardians of Peace” attacked Sony’s network using malware.
The attack crippled the whole of Sony’s system and led to the release of sensitive information. The compromised data included details of business plans, personal e-mails of senior Sony executives, and even copies of upcoming movies.
In March 2018, zero-day exploits were found in PDF files. They used two zero-day vulnerabilities (CVE-2018-4990 and CVE-2018-8120) targeting Adobe Acrobat. CVE-2018-4990 was an out-of-bounds read vulnerability in Acrobat Reader, and the latter was used to bypass Acrobat Reader’s sandbox.
Outdated And Unpatched Systems
Unpatched software means there are bugs in a program that the vendor is aware of but will not or cannot fix. Users can also be responsible for leaving software unpatched.
According to one study, nearly 60% of organizations that suffered a data breach within the last two years cited a known vulnerability that had not yet been patched as the reason.
Updating software in the traditional way is expensive and complicated. To overcome these operational difficulties, organizations are moving critical software functions to the cloud.
With PS Cloud, your software never becomes outdated, as it is updated automatically. Because you can log into PS Cloud from any location and on any device while still accessing the same software, there is no chance your users will encounter out-of-date software.
Outdated software is software that is no longer supported by the vendor. This means that newly found bugs are not addressed, and out-of-date software becomes less likely to work on new hardware and to remain compatible with more modern operating systems.
Every piece of software has bugs and holes. Once a program is released, software companies work on fixes or patches for these holes and flaws.
Insider Threats
An insider threat to an organization comes from people inside it, such as employees, interns, helpers, contractors, or business partners, who know the internal workings of the organization. While most of our focus is on protecting the business from outside threats, insiders are also a source of damaging attacks.
According to the Verizon Data Breach Investigations Report (2019), 34% of data breaches are due to internal actors, and according to the Varonis Data Risk Report, 17% of all sensitive files were accessible to every employee. These reports show how easy it is for an insider to attack.
We can protect the company from insider threats by using multifactor authentication, investigating unusual activity, ensuring that our security policy is not shared with every employee, establishing physical security in the work environment, and implementing strict password and account management policies and practices.