Cyber attacks and Prevention
Cyber attack definition
A cyber attack is a deliberate exploitation of computer systems, technology-dependent enterprises, and networks. It is an attack launched from one or more computers against another computer, multiple computers or networks, by way of malicious code. This alters the computer code, logic or data, resulting in disruptive consequences that can compromise data and lead to cybercrimes, Cyber attacks can be broken down into two broad types: attacks. One, where the goal is to disable the target computer or knock it offline.Two, where the goal is to get access to the target computer’s data and perhaps gain admin privileges on it.
Why is cybersecurity Important
This book describes what cybersecurity risks are and the decisions executives need to make to address them. IThere is no sure cybersecurity defense, and Chris Moschovitis doesn’t pretend there is;instead, he tells you how to understand your company’s risk.
Cybersecurity threats are common for business, government, computers, smartphones, tablets, everything having sensitive information and connected to the internet. Hackers steal personally identifiable information (PII), also called Identity theft or Identity Fraud, like names, addresses, and social security numbers to break into someone’s accounts and exploit them. Also stealing of Bank account details, credit cards, and personal photos.
These cyber challenges can be stopped only by Cybersecurity.
Type of cyber attacks
There are two types of cyber threats, Active and Passive attacks
An active attack is a network exploit in which a hacker attempts to make changes to data on the target or data en route to the target. An Active attack attempts to alter system resources or affect their operations. Hacker steals an authorized user’s login information. The intruder gains access and the ability to do anything the authorized user can do. The active attack involves some modification of the data stream or creation of the false statement
A Passive attack attempts to learn or make use of information from the system but does not affect system resources. In a passive attack, the attacker intercepts the transit information with the intention of reading and analyzing the information not for altering it.
Cybercrimes are a threat and as dangerous as an armed intruder—yet millions of Americans are complacent or simply uninformed of how to protect themselves. The Secret to Cybersecurity closes that knowledge gap by using real-life examples to educate readers.
Top 10 cybersecurity threats 2019
Cybersecurity reports by Cisco show that thirty-one percent of organizations have at some point have encountered cyber-attacks on their operations technology. By and large, research indicates that cybercrime is on the rise — news headlines support these findings as major companies like Marriott, Equifax, Yahoo, and Facebook find themselves in the crosshairs of cyber attacks. In cyber attacks, a series of companies exposed almost 600 million citizens’ CVs.in April 2019. April 2019 saw 1,334,488,724 breached records. ( Read more at www.thesslstore.com )
Organizational awareness for cybersecurity is on the rise, But hackers are finding new and creative ways to bring organizations to their knees.
Following are some of the security threats that need attention in 2019
1. Cryptojacking-cryptojacking also called crypto-malware is one of the latest cybersecurity threat. Cybercriminals hijack third-party home or work computers to “mine” for cryptocurrency. Ransomware has been one of the biggest threats impacting businesses in the past two years, exploiting basic vulnerabilities including lack of network segmentation and backups, According to Symantec, UK cryptojacking attacks increased 1,200%, in recent times.
2. Fileless Malware-Fileless malware is a type of malicious software that uses legitimate programs to infect a computer. Attackers program file-less malware to occupy the RAM. Cyber threat analysts find it hard to trace this kind of malware as they don’t have any file on the hard drive and don’t leave any footprint.Ponemon Institute claims that fileless attacks are 10 times more likely to succeed than file-based attacks.
3. IoT security issues-Companies are adding more and more devices to their infrastructures, According to Statista.com, the number of devices connected to the IoT is expected to reach almost 31 billion by 2020. Cybersecurity is often the last consideration when it comes to IoT. They are more prone to cyber attacks.
4. Zero-day threats- A threat that exploits the computer’s security vulnerability.A cyber attack which takes place before or on the first (or “zeroth”) day of a developer’s awareness of the exploit or bug.
6. Mobile malware-Mobile malware is malicious software specifically written to attack mobile devices such as smartphones, tablets, and smartwatches. it is a growing threat to consumer devices. The number of mobile malware attacks has doubled in 2018. Mobile malware is becoming more effective as cybercriminals improve their distribution strategies and it is on rising as the world is going mobile.
7. Banking Malware-Banking malware is a class of information stealing malicious software that targets the financial industry It delivers the information to cybercriminals to steal money from victims. Emotet malware originally engineered as a banking trojan is one of the most dangerous strains of malware.The trojan is primarily spread through spam emails to steal sensitive information. Global Threat Index reported that over the preceding four months, banking Trojans had increased their global impact by 50 percent.
8. Stegware-Stegware is the use of steganography by malware to avoid detection. Steganography is a method of concealing a file, message, image or video within another file, message, image or video. Researchers at RSA Conference 2018 discussed the rise of stegware hacking tools that use steganography techniques. Steganography is the latest weapon of cyber attackers. Steganography is used to hide various type of malware.
9. Connected Cars and Semi-Autonomous Vehicles-By 2020, an estimated 90 percent of new cars will be connected to the internet, according to a report titled “7 Connected Car Trends Fueling the Future. One recent study suggests 2035 as a more reasonable date for most cars to be self-driving, with nearly all cars being autonomous by 2050. For hackers, this evolution in automobile manufacturing and design means yet another opportunity to exploit vulnerabilities in insecure systems and steal sensitive data. In addition, connected cars pose serious privacy concerns.
10. Phishing Scams-Phishing is a fraudulent attempt, usually made through email, to steal your personal information. According to the 2019 State of the Phish report from security experts Proofpoint, two third of us knows what is phishing and how to be protective. Hackers are developing new ways of phishing. Recent phishing scams of 2018-19 indicate how cybersecurity challenges are coming up.
1.Attempts to use Google Translate
2.Apple phishing scam
3.Netflix payment details
4.vacation rental scams,
5.fake Instagram assistance apps
Phishing scams are evolving and need to be taken care in 2019
The Network Security Test Lab is a hands-on, step-by-step guide to ultimate IT security implementation. Covering the full complement of malware, viruses, and other attack technologies, this essential guide walks you through the security assessment and penetration testing process, and provides the set-up guidance you need to build your own security-testing lab.
How to prevent cybercrime
Cybercrime is an ongoing threat in 2019. It is not possible to prevent cybercrimes. However, you can take precautions to help protect against it. Recent High-profile cyber attacks on companies such as Target and Sears have raised awareness of the growing threat of cybercrime. Many small business owners are victims of cybercrime, largely because of poor security measures
Here are 10 steps through which you can increase the cybersecurity.
1. Avoid Phishing emails-As the Google quiz points out, always double-check links (by hovering over them), as well as the email address of the sender.Keep all your software up to date. Turn on two-factor authentication wherever possible.
2. Protect your computers- Use a full-service internet security suite like Norton Security, Kaspersky Total Security, McAfee LiveSafe
3. Firewalls Security-A firewall to an Internet is like border security officer because of its role in disallowing the wrong things from entering your computer from a network or the Internet.
4. Anti-spyware removal tools-Norton Power Eraser , which eliminates deeply embedded and difficult-to-detect crimeware that traditional virus scanning doesn’t always detect.Comodo Forensic Analysis, Emsisoft Emergency Kit.
5. Network intrusion detection system (NIDS)-An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. These systems can collect a large number of alerts in a day, overloading your work, thus analyzing and filtering has to be done manually. Deploy OSSEC, Suricata, Bro Network Security Monitor.
6. Restrict Access To Sensitive Information. Limit employee access to data and information and limit authority to install the software. Data which is vulnerable and can be targeted by hackers should be restricted to access to authorized staff only.
7. Cybersecurity Audit-This audit provides management with an assessment of an organization’s cybersecurity policies and procedures and their effectiveness. The process of the cybersecurity audit should be repeated regularly.
8. Backup data-Protecting data against loss, corruption, disasters (manmade or natural) and other problems is one of the top priorities for IT organization. Make backup copies of important business data and information into an External Drive.
9. Don’t Click-Do not click on any suspicious link, website with http//, any attachment with an email from an unknown source, unknown download.It’s better to exercise caution
10. Cybersecurity risk-It is always good to have knowledge about the risks involved in cyberspace. If you understand the risks, you will implement better security measures. You must conduct research regarding all possible threats that might harm your business. After compiling the results of the audits, develop and implement security strategies accordingly in order to reduce the risks that you have identified.
The Chief Information Warfare Officer for the entire United States teaches you how to protect your corporate network. This book is a training aid and reference for intrusion detection analysts. While the authors refer to research and theory, they focus their attention on providing practical information. The authors are the most recognized names in this specialized field.