INTRODUCTION: The process of identifying security issues manually or by using automated tools is known as threat hunting. Threat hunters require advanced knowledge of cybersecurity tools, penetration testing, programming languages, etc. So that they can use their tools in detecting threats accurately. The experts may also have ample knowledge related [...]
Are you worried about how your private information is revolving around the internet? You’re not alone. Our private information is not safe on the internet; it allows hackers or spies to misuse or leak our information to the whole world.Data is one of the important assets used in the world. Many companies face issues when their data is leaked or hacked. The lack of privacy rights or privacy protection gives huge amounts of risks to individuals. Companies like google, Facebook have a huge amount of data, besides that they provide privacy to the customers, managing a huge amount of data and then protecting individuals’ privacy is a great task.
Privacy protection is keeping our data private. Privacy is to create a set of strategies we make to protect our data from unwanted interference. Privacy enables us to create barriers between hackers or spies from our data. Privacy is concerned with two factors; third parties and data collection. Data privacy has always been important, if we see in our daily lives people put locks on cabinets or use pin codes at their banks. But nowadays mostly our data is shared online or we keep our personal information online, so that takes greater importance and safety for data.
parties can use our data. Identify all the suppliers and service providers that have cyber essentials or cyber essential plus certification, if they don’t have this then you have to insist on them before moving forward with them on work. Make sure that the third parties have their security policies. The data should be fully encrypted in transit and at rest (database or in disk). If they use cloud hosting services then the data is stored only in approved countries. Third parties must have a strong backup solution. If the data is stored in unsecured locations then the data is stolen by unauthorized users or hackers.
A data breach happens in several ways, it might happen by an accidental insider that can read or write in files without having permissions. For instance, a company employee used another employee’s system and he is reading files, but no data is shared. However, the data is read by the employee so we can say it is data breached. The second case would be a hacker purposely can read a file without permission then the data is breached. Another risk could be traceability; tracing back data from its origin is very time-consuming and this process is hard to accomplish within an organization.
Loss of control means that data is not statically placed on one system. It has been shared and moved by different backup systems, this can lead data to go into the hands of nonlegal parties. Data exfiltration is a technique that hackers used to copy or transfer confidential data. Hackers can have access to financial records, people’s personal information. Network intrusion is any unauthorized activity on a computer network. Hackers often steal network resources and become a threat to security.
Hackers can use brute force attacks to guess your passwords, if your password is weak then they will easily login to your account and steal your data. Hackers also used keyloggers to gain access to our data, keyloggers are malware that can be used in many ways, keyloggers store your keystrokes in a file and then send it to the victim. Some keyloggers randomly take screenshots of your screen, without informing you. That’s how your data is stolen. Hackers can also send your data to other hackers, the buyers can use data for their hacking purposes.
If your device is connected to the internet, hackers can steal your personal information or financial information without your knowledge and can even sell to third parties for legal or illegal purposes. Hackers can even take over your username and password, steal your money or request a pin code for a new account, make purchases with your credit card, add themselves as authorized user so that they can easily make purchases with your credit card.
We assume that our information is safe and secure but this is not true. We willingly give our personal data to companies or hackers. Our data is not only shared with companies but also shared with third parties. Here we want to know who is collecting our information?
Advertisers can collect our data from cookies and many people know this trick. Advertisers track our information by knowing what kind of services and products we like or are interested in. We visit hundreds of websites and search for different products or services. That’s how our data is collected then advertisers just use this information and then target that product later. Advertisers also use pixels to collect data, pixel is a scripting code on websites that can capture user behavior and conversations. Conversations could be; a user downloading a file plays a video or audio, clicking on advertisements, or even landing on a page.
The data can be collected from the things you post, like, accept or search about through your devices. Social media like Facebook collects our information. Unfortunately but yes, Facebook collects our information outside the website and even sees our browser history. Social media often access our location, when we create our account on social media, we accept the terms and conditions in which there is access to your contacts and location is also present and that’s how social media suggest nearby places for cafes, stores or even your nearby friends.
Cookies are the tiny files on websites that are saved on your system. Cookies are used to remember information or keep track of the visits and activity we do on a website.Cookies can be harmful or not. For instance ‘zombie cookie’ is a cookie that recreates itself after being deleted. Third-party cookies can also cause security and privacy concerns.
Hackers can steal your password from cookies, they install cookies with hashed passwords and then they can login to your accounts or they can steal your sensitive information like your credit card details, they can take loans from your accounts by using your credit card or they can even make purchases also. They can also make huge money after selling this personal information to cybercriminals. This method of stealing cookies is known as cookie scraping.
Is Google really spying me ? The answer is yes, in the 21st century Google is the most popular search engine we use in our daily lives. Google Analytics is the most popular web analytics out there. In many ways google is collecting our data.It also collects data by tracking IP address, by tracking your location and how many devices are connected to that internet.Google also collects your searches, search results you clicked on, web crawling, site analysis and much more.Google also collects data of how you use google services, google apps or google devices.Basically everything that is connected to google is used to collect data.
With all your personal information google can create a page of your personal interests, this can help to advertise google ads related to your personal interests or what you’ve searched.Google also tracks our location, whether you are looking for a cafe , searching nearby bus stops, it can track your location and finds the best route for you that you’ve searched. When you use google maps it can send back your data and combine your data with other people around you and that’s how you are aware of traffic patterns.
Anyone who uses computers and mobile phones on the internet is suspected to be hacked. Hacker is a person who tries to gain unauthorized access to your system. Hackers have the technical skills to take advantage of cybersecurity defense.
Hackers used many ways to access your data like network hacking, phishing attacks, malware, and firewall attack.
As the name suggests, is the act of hacking a network. It does not mean hacking wifi or something, it can also be two or more two machines working together. Hackers can use different techniques to hack wifi: Sniffing is capturing and monitoring all the packets going through the network and the data could be your username, passwords, account information, etc. Sniffer can be software or hardware. By placing a packet on the network in a diverse mode, the hacker can capture and monitor all the network information.
The term ‘phishing’ and its concept came about in the ’90s. It came through America Online (AOL). The group of hackers called themselves the ‘warez’ community and also known as ‘phishers’. During the 90’s AOL was one of the leading internet service providers and millions of people used their services. The popularity of AOL grabs the attention of hackers, then hackers that use illegal software use AOL for their communication. Then they formed the group called ‘warez community’. The group is called the first ‘phishers’.
The process of a phishing attack is that the hacker sends a fake email to the victim. The victim is tricked to open that email and goes to a fake website. The victim then enters their personal information. Hackers collect confidential information. Then the hacker uses the victim’s credentials to use a website.
Some types of phishing attacks are mass-market emails, spear phishing, whaling, fishing, smashing, and snowshoeing.
The most common type of phishing is ‘mass-market emails’. The hacker/ phisher sends a fake email to a large number of users and pretends that this email comes from a well-known organization like your company or bank or any other organization that you work for. Then in that email, there would be a link for logging a website usually or downloading malware. They trick the user to click on that link, after the user clicks on that link, the phisher can collect and access the data through their system or account.
The phisher sends a fake email to the targeted user. The phisher attacks a specific user, organization, or business. A fake email arrives at the user from a trustworthy site and it leads to a website that is full of malware. The purpose of spear phishing is to receive confidential information for fraudulent purposes.
The whaling attack is also known as ‘CEO Fraud’, it is similar to a phishing attack but it targets high-ranking persons, maybe the CEO of an organization using social engineering tricks to give confidential information or financial transactions. The phishers send an email using a similar email address of a senior person of that organization and that email might ask for confidential information or financial transactions.
Vishing is known as ‘voice phishing’, where a phisher uses a phone call to collect confidential information. Phishers call from an unknown location to a person and then create an urgency that allows users to give their personal information to phishers.
Smishing is just like vishing instead of a phone call it requires texting a person to give sensitive information. Social engineering works best in this attack, hackers can manipulate victim decisions by gaining trust and by context.By trust that this message came from a trusted organization, by the context that using a situation that can assure the victim that message is from a trustworthy authority.
Snowshoeing spamming is common in this world nowadays, we receive spam messages from spammers every day. Spammers have an array or list of IP addresses where spam messages are sent. The objective of spammers is to allow users to open that link where malicious activities are involved.
There are alot of risks and dangers in phishing attacks like money stolen from bank accounts, Fraud charges on organizations or credit cards, Loss of access to private data, Fake social media posts made by your accounts, or impersonate to a friend or family member, putting them at risk.
Malware is ‘malicious software. It is software that might be a program or a file by hackers to steal your personal information. Malware can harm your system, slow down your system, reduce the speed of your system, make usage of the system’s resources high, your screen overflows with unusual ads and the system sometimes crashes.
Some of the types of malware are viruses, worms, trojans, spyware, adware, and ransomware.
The virus is a self-replicating program that spreads in your system and across the network. The virus itself is attached to a program or triggered by activation of the host/user. Viruses come from anywhere in your system, it might come from a downloaded file, email attachment, visiting a corrupt website, or software downloaded from an illegal website.
The worm is a self-replicating program that affects your system hardware and software. A worm can modify or delete your personal data, steal your data and create a backdoor for hackers. Unlike viruses it is not attached to a program it only replicates itself.
Trojan or trojan horse is malicious software that can steal your personal information from your system or by spying on you. It is the most dangerous malware, it moves into your system and then installs additional malicious software.
Spyware is malicious software that can have full access to your system. It can be in your system or the organization’s system. It hides and secretly accesses your information. It can access your username, passwords, credit card information, record audio or video, access browser history and email.
Adware is malicious software that displays unwanted ads. It is activated when the user is installing legal software in which adware is attached.
Ransomware is malware through which a hacker locks your system and then demands a ransom from the victim to restore access.
Having a strong firewall isn’t all of your security defenses. Firewalls act as a gatekeeper, filter the data attempting to enter your computer or network. By social engineering, hackers use phishing attacks or phone calls to pretend to be a system admin requesting access. Another technique is DNS leaking, DNS stands for domain name system that translates the IP address into a domain name, for instance, a website.com has an IP address of 93.184.214.0, but no one can remember all the website IP addresses. So, a DNS leak means that someone can cut off the communications between your browser and DNS or steal the data from a DNS cache. Hackers can trace your IP address, websites you have visited and even monitor all the online activities.
Another technique is neighbor wifi access points, where everyone can connect to an open network, even hackers. If you are outside of your organization or away from your internet and then connected to an open network like cafes or any other place, and if a hacker is trying to target your organization or company then it will also join an open network and wait for other members to join that network. Once the member joins the network, the hacker will monitor all the communications or attempt to use your network. Another method is encrypted injection attacks that are similar to phishing attacks; attacks are delivered by phishing emails. It will trick the user to click on that link given in the email and then that link injects encrypted code into the machine which can cause malware or data access backdoor. If you are using outdated, not updated components or vulnerable software components then there is a chance of hacking the firewall and gaining access. By steganography, hackers can hide malware in an image. Image steganography is a technique of hiding malicious code in an image as it is easy for all to download a free image or easy to convince people to open an image.
Nowadays malware is common, yet impossible to avoid. There are a lot of simple methods to prevent malware like don’t open links from unknown sources. Install antivirus software, Run scans regularly. Update your operating system and browsers. Install an anti-spyware package. Don’t allow websites to save your personal information. Use Web application firewall (WAF), is an application cyber security solution tool that is designed to protect applications that will filter and monitor harmful traffic. Use VPN to protect yourself from hackers, VPN can redirect your internet traffic to a different IP address, it is impossible to track you. Use a strong password manager that will suggest a strong password and keep track of your passwords. Passwords protect every device you use. If we don’t use passwords then there is a danger of your data going into the wrong hands. So your phone, tablet, the system should have their own password and it should be a strong password. Instead of a strong password, you can also use a biometric way to lock your system, you can use fingerprint scanning or face recognition method. Use encryption where possible, it can be used where a layman cannot read, it can be read without a proper key. Use two-factor authorization, whenever an account is login a new pin code is sent to your mobile phone for verification, this is the best method for securing an account from hackers. Another situation also occurs when you login to a new service you will receive a one-time pin code on your email and a second part of the password on your mobile phone through text message. When you take these basic measures you can ensure your privacy at some point.
INTRODUCTION: A vulnerability scan is an evaluation of viable security vulnerabilities and risks in systems, internal and external networks, and communication appliances that can be utilized by cybercriminals. It can ...
Keeping your information safe from unauthorized access
Post comments (0)