The world of software cracking is a shady place and I've had my fair share of bad experiences. So, I grew up. I decided that trying to outsmart developers wasn't worth the trouble and could lead to serious problems with the law.
Besides this, it's crazy to think about how networking tech has changed over the last 10 years. Most of us are doing our online work through mobile devices, and smart home devices are everywhere. Businesses have brought much of their operations online, which unfortunately has opened up opportunities for hackers to get bigger paydays ransoming corporate secrets and collecting huge sets of private customer data.
Below, I'll give a basic overview of the techniques hackers use to commit cyber attacks. Surprisingly, a lot of these techniques have been around for many years. The sad thing is they still work. Let's see what we can do to slow them down.
1. Smart Devices and IoT Network Vulnerability
One of the most exciting developments in home appliances is the smart device. These items connect computing devices in the home to the internet to streamline processes and gather data for efficient operation. The problem with smart appliances is that they are notorious for weak security. These devices use default credentials that are often freely available on the dark web or can be easily cracked. Once a hacker takes control of a smart device, they can start infecting other devices connected to the same network, eventually getting to your private data on your mobile phone or computer.
Tip: Before purchasing a smart device, carefully research the privacy and security policies that are in place. If you can’t change the credentials or run updates on the device, don’t bring it into your home network.
2. Botnet DDoS
One of the biggest problems to come out of the vulnerability of smart devices is that, once they are cracked by hackers, they can be easily integrated into larger networks to carry out large-scale malicious activities. One of the most popular uses of botnets involves crashing corporate websites and entire network hubs with distributed denial of service (DDoS) attacks. Any device with simple web access can be used in a DDoS attack, such as:
- IP video camera
- smart TV
- coffee maker
Tens of thousands of these devices can be coordinated to hit servers with hundreds of millions of access requests per second, which can lock up servers for anywhere from a couple of hours to days or even weeks, completely shutting down vital services for customers and workers alike.
Tip: Change factory-set smart device credentials, use strong passwords, and disable services you don’t need. Make sure that the device firmware is up to date.
A newer method of subverting computer resources to enrich hackers involves setting up networks of computers to run crypto-currency “mining” apps. Hackers use standard malware distribution practices such as phishing or malvertisements to install hidden mining programs on user computers. This malware uses excess CPU and GPU resources in crypto-mining processes that will reward miners with crypto-currency assets while the owner of the computer is completely unaware of the drain on their systems. While stealing processing power for this purpose would be pretty ineffectual on a single machine, taking the combined processing power of hundreds or even thousands of computers can pile up the mined currency quite quickly.
Tip: Be careful about free media and software you download. Keep your anti-virus software up to date, and scan for malware if you notice your computer slowing down.
4. Social Engineering
We all share fun little tidbits of our lives on social media on a regular basis, such as:
- our birthday
- the names of friends and family
- our pets
- place of work
- our current address
We all maintain a number of online accounts—email, social media, streaming, etc.—and this requires us to manage a long list of passwords. Most of us create easy-to-remember passwords by mixing bits of personal info. Unfortunately, hackers use the information we share innocently in publicly available data sets to deconstruct our passwords. Often cybercriminals will build information profiles on targets, putting together pieces of information to create likely passwords, which they then use in spear phishing attacks to hack into the website of the target's employer.
Tip: Use a password manager to set up passwords. Use 2-factor authentication and change passwords periodically.
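To make the risk concrete, here is a check a signup form or a personal audit could run to reject passwords built from details a person has shared publicly. It is an added example, not code from the original article; the profile fields, the substitution table and the function names are hypothetical.

```python
import re

# Common character swaps undone before comparing (assumption: small illustrative set).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def profile_tokens(profile):
    """Collect words and numbers (3+ chars) a person has shared publicly."""
    tokens = set()
    for value in profile.values():
        text = str(value)
        for word in re.findall(r"[A-Za-z]+|\d+", text):
            if len(word) >= 3:
                tokens.add(word.lower())
        # A birthday is usually reused as MMDD or DDMM, not only as the year.
        date = re.fullmatch(r"(\d{4})-(\d{2})-(\d{2})", text)
        if date:
            _, month, day = date.groups()
            tokens.update({month + day, day + month})
    return tokens

def personal_info_in_password(password, profile):
    """Return the sorted profile tokens that appear inside the password."""
    raw = password.lower()
    normalized = raw.translate(LEET)  # "b1scu1t" becomes "biscuit"
    hits = set()
    for token in profile_tokens(profile):
        # Numbers are matched as typed; words also after undoing the swaps.
        if token in raw or (token.isalpha() and token in normalized):
            hits.add(token)
    return sorted(hits)

# Constructed sample profile, the kind of detail listed above.
SAMPLE_PROFILE = {"pet": "Biscuit", "birthday": "1987-06-14",
                  "employer": "Acme Corp", "family": "Dana"}

if __name__ == "__main__":
    for candidate in ("B1scu1t1987!", "D@na0614", "tV9#qLm2&xR7pZ"):
        found = personal_info_in_password(candidate, SAMPLE_PROFILE)
        print(candidate, "->", found or "no personal info found")
```

A password that returns an empty list is not automatically strong; this only catches the personal-detail pattern the section describes.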
5. Website/Email Spoofing and Phishing
Web developers have incredible toolkits that allow them to develop web assets to quickly roll out impressive internet services. Unfortunately, these same tools give hackers the ability to copy logos, color palettes, and page layouts down to the smallest detail. Cybercriminals can quickly create website forgeries that trick customers into sharing financial and personal data. These forged websites are set up with domain names that are slightly misspelled variations on corporate URLs. For instance, www.bankolamerica.com is the type of simple misspelling a cybercriminal would use to set up a site forgery in the hopes that customers would log onto the page.
Tip: If an email received from your bank or the IRS seems fishy, check for typos in the content of the message and any links included. Corporations are precise in their professional communications so typos are a strong indication a hacker is trying to run a phishing attack.
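The misspelled-domain trick can be checked mechanically. The following added example (not part of the original article) compares the host in a link against a short list of domains you actually use and flags near-misses such as www.bankolamerica.com. The trusted list, the distance threshold and the login-update.example host are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the domains this user really does business with.
TRUSTED_DOMAINS = {"bankofamerica.com", "irs.gov"}

def hostname_of(link):
    """Lowercase host of a link; tolerates links typed without a scheme."""
    if "://" not in link:
        link = "//" + link
    return (urlsplit(link).hostname or "").rstrip(".").lower()

def registrable(host):
    """Last two labels only (assumption: no multi-part suffixes such as co.uk)."""
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(link, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, matched_trusted_domain) for a link found in a message."""
    host = hostname_of(link)
    domain = registrable(host)
    if domain in trusted:
        return ("trusted", domain)
    for good in sorted(trusted):
        # Trusted name used as a subdomain of someone else's domain.
        if host.startswith(good + ".") or "." + good + "." in host:
            return ("lookalike", good)
        # One or two characters away from a trusted name.
        if edit_distance(domain, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    for sample in ("https://www.bankofamerica.com/login",
                   "www.bankolamerica.com",
                   "http://bankofamerica.com.login-update.example/verify"):
        print(sample, "->", classify_link(sample))
```

Short trusted names produce more false positives at a distance of 2, so the threshold is worth tuning per domain.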
6. Man-in-the-Middle (MITM) Attacks
We've all had those moments at the transit station or the mall where our mobile internet isn't working but we can access a local public wifi network. These situations are prime opportunities for hackers to intercept mobile web data usage. To keep things really simple, a MITM attack involves a hacker setting up a toolkit on the network that intercepts an encrypted access key your device sends to servers to get access to and share data with your favorite websites. The man in the middle sends a false key, which tells your device the MITM is a part of the network, and that data should go through the MITM before moving on to properly validate on the correct server. This allows the hacker to scan your internet usage and gather all the data you share including usernames and passwords. No one is the wiser because the man in the middle passes all data back and forth between the user and server without issue.
Tip: Avoid using public wifi. If you do want to connect to a public network, use a VPN to encrypt your connection.
7. Cross Site Scripting/SQL Injection Website Attacks
Tip: Carefully consider the information that a website needs to provide good service. Many websites will ask you for extra information they don’t really need in order to run demographic studies and marketing programs. Don’t give valuable private data to just any online service provider.
This is often an advertisement banner that links to a malicious server from which hackers can deliver malware to your device. There have also been many instances in which small malware scripts have been encrypted in image files themselves. Unfortunately, in these cases, as soon as the ad banner is loaded into the browser, the malicious script is loaded onto the user's computer.
9. Data Leakage and Mobile App Hacks
Most people these days are browsing the web and completing routine tasks like paying bills and organizing photos through mobile apps. We tend to take the security of this software for granted, and it's easy to give apps full access to your phone's functions. Let's imagine for a moment that your favorite app's servers are hacked. If Google and Facebook have been routinely hacked, your favorite app provider will be hacked sooner or later. If you give a hacked app full permissions on your phone, the hacker now has access to the camera and mic so they can easily record your conversations, track your location, and steal personal data stored in the app.
Tip: Carefully consider which permissions you give each app on your phone. Do certain apps really need access to your microphone and camera? Also, do not give apps private data that isn’t completely necessary for their operation.
Hackers send text messages with links to malicious apps or tools that look legitimate but include malware. The attacker might pretend to be a banking contact, asking you to update information on a forged website that will steal your login. Hackers also might try to convince you to download malware that will supposedly get you in on a get-rich-quick scheme. In each case, they are trying to get users to access malicious servers or download malware apps.
Tip: Don’t click links in messages from numbers you don’t recognize. Organizations that work with your private information do not do business through text. Delete unexpected texts from people claiming to be government or banking representatives.
Don’t Panic, Stay Alert, Protect Your Data
Unfortunately, if you spend enough time online, your data will be compromised sooner or later. The main thing to remember is: Don't panic. In the event that an account you own is hacked, record the transaction that allowed the infiltration and contact the authorities ASAP (like you would with any other crime).
These days, smart devices are a huge target for hacking. White hat hackers have been begging IoT manufacturers to improve smart device security for years (only to be ignored). You should be very careful about the smart devices allowed in your home.
Otherwise, much of the hacker community is now trading in large data sets. Groups of hackers in countries with weak computer security laws run large operations managing automated attacks against corporate enterprise systems using sophisticated tools. Ransoming corporate data provides a bigger payoff than targeting an individual.
While there are still small-time crooks trying to get your credentials, sophisticated cyber-criminals are more likely to use your credentials to attack your employer than you. Keep an eye on your online records, and be wary of links and app downloads from strange sites. Being aware of potential hazards is the first step in protecting your identity and data online.