October is the month for National Cyber security Awareness so I thought I should write a couple of lines about it. Partly because it´s important to be aware about the risk when dealing with the digital world, there are so many bad things that can happen. And also partly to be safe with your personal information so no one can steal it and use it for their own winning. So today I´m going to tell you what cyber security is and the most common hacks that you can meet, and then I´m going to continue this celebration with another two posts that are related to cyber security. So like I wrote first out is what kind of cyber attacks is there?
Anyhow cyber security is the protection for all software and even hardware against stealing, damage and other bad things to the computer. This is more important then ever nowadays because we use bluetooth, wireless network and wifi. An increase of devices as smartphones, watches, TV and tablet also increases the risks for problems. The reason to why we get hacked in different ways is that the software or the hardware have a weakness that makes it vulnerable for attacks. But to be safe you have to know what kind of threats there is, so here is a list…
When you find a different way to get in then the usual login. These kind of weaknesses can be a design flaw can have been created by an hacker.
Designed to make the networks resources or the hardware unusable for the intended user. It can be things like writing the wrong password until they lock the users account. They can also overload the system so it blocks all users or crash, this attack is called Ddos-attack.
This happened to our platform indirectly because someone attacked the national railway website and our platform happened to be on the same server, so yeah we were locked out back and forth during a couple of days. Eventually it got solved and we were back online as usual.
An unauthorized person gain access to the computer and are then capable to copy data from it. They comprise the computer by planting worms, keyloggers, system to eavesdropping or for using an wireless mic. The hackers can usually go pass normal security settings with different help.
when you intentionally listen to someone else’s conversation. Usually between the hosts on a network. These kind of attacks are often done by black hat hackers.
Multivector, polymorphic attacks
The first attack of this kind came in 2017. In this attacks the hacker combine multiple different attacks. The attacks differ from each other and the never look the same which makes it hard to protect against them.
Is attempt to gain access to sensitive information like name, username, card numbers and social numbers. These attack usually done though an email or a direct message.
I had something similar happen to my this year. Someone stole my social number and started shopping online with it but sent me the bill. First I didn’t get why I got all these wrong bills but when I called the company they said it was done in my name and my social number, but after some digging we found out that he used another phone number and email. We stopped all purchase with my social numnber and I reported it to the police and I haven’t had any problems after that. Thank good!
this happens when a user gives himself or someone else a higher competence than he/she should have in that system. This is done without authorization.
I had a kid at my old workplace that did this and started to give himself and his friends better presence and just kept messing around in the system. He (yes it was a he) changed passwords for the teacher and logged on as them and kept messing around. But his problem was the bad things never happened to him or his friend just to the others in that school. And when he finally changed a grade just before he was supposed to get it I got him. But it took me around a year and I had to change everybodys password at least two times (I had about 400 users on that platform). All this was reported to the police and the kid didn’t get any time but a stearn talked to and a reminder to use his skills for good. The kid was 13 years old.
This kind of attack is about persuasion. It’s about someone persuade a user to leave his or her sensitive information, such as card numbers and password, to the attacker. This kind of attacks are often used against companies and goverment.
The attacker mask a website, an email or something similar as legal but with false data to be able to access information and resources.
Evil modification of products, for example plant surveillance ability in router systems
ok, so there’s a lot of different attacks out there and some of them can be really serious. The attackers motivation can vary from attack to attack. It can be anything from thrill seekers and vandals to terrorists and some goverment. As you can read above I been involved in three different attacks and believe me they are not fun and usually take a long time to solve, but with some short things to think about you can secure your software and hardware. You can read more about it here.