2 types of attacks:
Active attack
Active attacks are scenarios where an attacker uses brute force methods or softwares which can try to break into a system by guessing username and passwords. These types of attacks also try to uncover vulnerabilities in a system and try to compromise them to get access to the systems.
Passive attack
These types of attacks are of a very stealthy nature and may not be visible or might appear harmless to the target. In this kind of attack, a threat actor is inserted into the system disguised as harmless looking but contains some very dangerous codes and they formulate an attack when the chances of detection are minimal. These attacks try to open a communication channel from the target’s device back to the attacker giving them complete access to the system. Once full access has been secured, the attacker becomes the owner of the system. They can download bank data, important files, emails, passwords; anything on the device will be at the mercy of the attacker.
How an attack happens:
Computer systems:
Attackers may send a genuine-looking email containing a link (Like: Click on this link to see some cute puppies!) which may appear to be harmless. Or, an email attachment may appear to be genuine, like an employment opportunity or winning a lottery. However, clicking it may give the attacker access to your computers. This type of attack is called a phishing attack.
Smart phones:
An attacker may send a message or WhatsApp link asking the user to click a link, like winning £100 of vouchers or they may be links encouraging you to share with friends. These links, when clicked, provide the attacker with information about your smartphone; the type, the operating system and in some cases your pictures and the apps installed on the phone.
CCTV cameras:
CCTVs are used to remotely monitor premises to make them more secure. CCTVs which are bought off the shelf usually have a generic username and password set by the manufacturer. These are simple plug-and-play devices which the users don’t bother changing when they install it in their school, home or business establishment. Attackers have sophisticated tools to identify which CCTV cameras are connected to the internet and if their default usernames and passwords have been changed. Look out for www.insecam.org which shows several insecure security cameras around the world.
Smart-wearables:
Humans have embraced a lot of smart wearables like smart watches, smart glasses and even smart shoes. These are the latest products and the technology to secure them is not as robust as the ones that are used to secure computers and desktops (antivirus softwares). An attacker can read health data from a smart watch/fitness tracker which will help them to identify potential targets health metrics and sleep patterns. Since we keep the wearable attached to our bodies, an attacker could easily identify our daily activities and location based on GPS data.
How to prevent attacks:
All the data above is precious to different types of consumers and can be sold on the dark web because they contain critical user information.
– Do not click on links which appear too good to be true.
– Keep the software on the devices up to date.
– Do not store sensitive information in readable format.
– Limit the usage of social media platforms and posting a lot of personal information; keep social media profiles private.
– Use complex passwords.
– Never provide any personal identifiable information (PIIs) unless it is required by law.
Are you prepared?
For all the latest Education News Click Here
For the latest news and updates, follow us on Google News.
