In recent years there has been an increase in the frequency of attempting to expose bugs and holes in security systems and compromise organisational infrastructures for a number of reasons. If you want to stop that, you must be familiar with all kinds of modern threats. In this article i can try to list and explain some of them and how they work.
Phishing
Phishing or network identity theft isthe kind of fraud by electronic mail or electronic message. The sender lead the victim to reveal personal informations ( usually financial ) by pushing them on a fake webpage whose link is given in the message. The address and content of this fake site are very similar to the address and content of an authentic site. From there is the english name “phishing”, which is a distorted form of the word “fishing” – both words are pronounced the same, although they are written differently.
This summer, according to the Federal Trade Commission, scammers are duping fans with phishing emails that include enticing, but totally fake, free trips to Moscow.
“Ignore any email that claims you’ve won World Cup tickets or a lottery prize to attend the Cup,” the FTC posted on its website last week. “The offer may seem promising, but the truth is, scammers are simply phishing for your personal information. Never open files or click on links sent by strangers. And never pay a fee to claim a prize.”
Hacking (DDOS, Key Logging, Cookie Theft)
Hacker is a computer enthusiast who likes computer technology and all its aspects, whose knowledge is very wide. The word hacker is misused today, and is synonymous with a user who wants to get access to a computer, an Internet resource or just want to choke (flood) Internet traffic on a particular page without permission.
A hacker actually means a lover in computers.Today there are several types of hackers. The first are white hackers – security experts who in most cases are employed in companies whose main business is to remove software defects in the software and other activities related to stopping to be hacked. Black hat hackers are actually crackers.
Script kiddies ( Hacktivist ) are young or older people who do not even understand computer and computer technology, but have gained knowledge and with the help of several manuals began to destroy (uninstall) unprotected web pages. In hacking communities around the world, the “kiddies script” is hated and considered like parasites.
Cracker means a hacker who crosses a thin line between the legal and illegal, who uses his knowledge to gain personal gain, destroy someone else’s property, and so on. It often comes down to incidents of various unprotected websites and similar illegal actions. Hacker is often wrongly referred to as a cracker, but it is very different.
Ransomware
Ransomware is a type of malicious software that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. Advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.
In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Cryptocurrency are used for the ransoms.
Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the “WannaCry worm”, traveled automatically between computers without user interaction. Best way to defend it is to use password for folders with important files or use some of anti-ransomware software like Kaspersky Anti-Ransomware Tool for Business witch is free tool.
BYOD ( Bring Your Own Device )
Bring your own device ( BYOD ) – also called bring your own technology ( BYOT ), bring your own phone ( BYOP ), and bring your own personal computer ( BYOPC ) – refers to the policy of permitting employees to bring personally owned devices ( laptops, tablets, and smart phones ) to their workplace, and to use those devices to access privileged company information and applications. The phenomenon is commonly referred to as IT consumerization.
With this trend, a new security hole has opened. According to some studies, 75% employees witch use your device did not have sufficient data encryption. Let’s imagine, you have just back to work from being on annual leave and you connect the computer to the company network and use USB to start presentation, what could happen? Your home computers security software may have not detected a virus like Malware, it has now infected your USB device and will continue to propagate across any enterprise network that you connect it to.
To prevent this many organisations have created BYOD policies. Also contain additional security measures to be installed on any devices using on work. This does allow protection for the personal usage of the device but most importantly increases the security of company operated applications and software.
Bots
An internet bot, also known as web robot, WWW robot or simply Bot, is a software application that runs automated tasks (scripts) over the Internet. Typically, bots perform tasks that are both simple and structurally repetitive, at a much higher rate than would be possible for a human alone. The largest use of bots is in web spidering ( web crawler ), in which an automated script fetches, analyzes and files information from web servers at many times the speed of a human. More than half of all web traffic is made up of bots.
These scripts are especially interesting to hackers. These clever little programs are created to complete a job as quickly as possible. For example, bots can be designed to scan a system and find specific information such as credit card information, weak points in new software patches or previously unknown access points that can then be exploited.
One of the method to defend your system is to create your own bots to scan your systems. They cannot be relied upon to protect you from any attack ( e.g bots are useless against DDoS attacks ) but they can be a valued asset when used correctly.