Hacker-Attacks-–-Main-Types-and-Protection-Measures

While a show dedicated solely to the art (or crime) of hacking like Mr. Robot is beating all kinds of records, and hacker jargon is no longer jargon, strictly speaking, why is it then that an average computer user still constantly reuses passwords for different accounts? And why is it still when corporate policy requires us to change our passwords every few months, we only make slight variations on the ones we had before? Meanwhile, according to Verizon’s 2016 Data Breach Investigations Report, 63 per cent of confirmed data breaches happened because of  weak/default passwords usage. Why are the lists of famous hacks are getting longer and longer every month? One of the recent examples is the Dyn DDoS attack (October 2016), when ironically the performance of this cloud-based internet performance management company was nearly killed.  And more importantly, can we do anything about it, or are our business and personal networks doomed to being hacked from time to time?

When innocent Jeeps can be hacked on the road, the work of entire organizations or creative individuals can be wiped out in the matter of minutes, and the official Crayola Facebook starts posting indecent imagery, you know it’s time to learn your hacker attack types. Here are the most common ones, along with a few prevention and counter measure tips:

Remote-attack-or-exploit

The main purpose of remote attacks is to steal valuable data, infect the network with viruses and malicious software, or just cause general damage to networks or targeted computers. Depending on a concrete technique used, attacks are further characterized into DNS poisoning, TCP desynchronization, DDoS attacks, ICMP attacks and port scanning.

Prevention and counter measures

Because of the varying tools to carry out remote exploits, prevention and counter measures depend on the type of technique used. According to Earl Perkins, research vice president at Gartner, who spoke at the 2016 Gartner Security & Risk Summit on the Top 10 Strategic Planning Assumptions for security through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year. In general, the fewer vulnerabilities a system presents for attackers, the fewer chances of a successful attack there are. Having said that, if a group of hackers decides to carry out a remote attack, no matter how secure the system is, they will probably succeed (just look at any live hack attack world map right now). The only way to safeguard a computer network is to take up-to-date real-time complex measures carried out by a professional team of security experts. IT security consulting (either internal, or external, or the combination of both) can help here as well to build a framework of proactive security measures based on historic data and industry trends.

Client-side-attack

This type of attack involves active user interaction, from the side of the network or computer being attacked. Hackers are relying on users to click links and open documents, start instant messaging applications, or interact with any other vector that leads them to a malicious website. Even the most advanced users are not protected from using a phishing site instead of an original one, or succumbing to driveby downloads.

Prevention and counter measures

Firewalls and web proxies are helpless when you have an employee willingly checking corporate email on a public Wi-Fi. Training staff about being vigilant online is paramount. People will be people, ignoring antivirus notifications even on corporate computers when the desire to snatch a freeware overtakes them. Today hackers are very patient and lie in wait for months, hoping for a user action they rely on to hack into an organization or business. Staff should know about the repercussions of security breaches and understand the costs they entail. Corporate computers are utilized exclusively for corporate use for a reason, and only authorized software should be installed on them (and kept to a minimum). Minimizing the number of vulnerabilities (through browsers, email clients, desktop and office applications, media players, and so on) is a great preventative measure that should be performed by a professional security team regularly.

Blind-side-attacks-and-brute-force-attacks

This is a dangerous, last-resort type of attack used by hackers in cases when they cannot access computers or networks via traditional attack vectors. The method presupposes using every known hacking technique under the sun and ‘throwing’ it at computers and networks until one or more of the tools cracks the system open for access. In the case of brute force attack, entire search spaces may be traversed and password checked, which may take as long as the hackers need to gain access. Such an attack often causes a lot of physical and virtual damage, but it is also often easy to spot due to the large amount of data activity detected.

Prevention and counter measures

Because blind side attacks are somewhat easy to detect, the trick is to do so before any data is leaked. Offline brute force attacks are almost impossible to prevent. In case of online brute force attacks, limiting the number of attempts that a password can be tried, introducing time delays between successive attempts, increasing answer complexity, using CAPTCHA or smartphone verification codes, locking accounts after unsuccessful logon attempts are all widely used prevention techniques. Disallowing common passwords and training staff to not reuse passwords or create variations on old passwords when asked to change them regularly, as well as using secure password encryption software may help prevent brute force attacks significantly.

Social-attack-or-social-engineering

This type of attack involves psychological manipulation of users in order to make them divulge confidential information such as telephone numbers, addresses, credit card details and so on. Social engineering can be used for system access and is sometimes the easiest way to hack into a large organization protected by a complex security infrastructure (Edward Snowden used social engineering techniques to obtain passwords for his infamous NSA leak).

Prevention and counter measures

In cases of ethical hacking, when people are determined to reach their goals, it is impossible to do anything unless you learn about their plans before they are able to carry them out. Training people not to give out sensitive information to anyone is important, and it’s also vital to remember that very often hackers seek to form personal relationships with their targets. How you let your staff go is should be a priority, so next time you are saying goodbye to a former employee ask yourself: “Are they taking hacking classes on their daily commute?”

MITM-attack

A man-in-the-middle attack involves eavesdropping on communications between users by a third party. Eavesdropping is done with the help of intercepting public key message exchanges and transmitting the message after replacing the requested key with its own. Users are usually 100% unsuspecting of any suspicious activity while hackers are actually in control of communication.

Prevention and counter measures

Defenses that work may be found on the router and server-side. It’s also effective to use a strong encryption between the client and the server where it’s possible to establish a connection only after server authentication of the client request in the form of a digital certificate. It’s also a must to avoid open Wi-Fi routers altogether or use browser plug-ins that guarantee secure connections.

Hackers are getting smarter every day. Attacks have transformed from short and aggressive, to advanced persistent threats that are elaborate, methodical, meticulously planned and patient, involving multiple (if not all possible) vectors and step-by-step stages.

Traditional security measures such as antivirus software, firewalls, VPNs, password managers, avoiding plug and play support, monitoring network traffic, web gateways, using mirrors on cloud services to mitigate DDoS attacks and even the latest sandbox technologies are used to detect the first move of the attackers. By the time it is detected, the organization may have been under attack for a long time already. All current cyberattacks are designed to evade the security measures you are taking right now.

Common sense does still work, however. If a staff member is using all the security measures on corporate machines but then gives away IDs and passwords on their personal phone, what is the use of expensive security programs? All-round real-time protection is key but educating the entirety of users with access to the system is sometimes just as important.

Keeping hacker knowhow up-to-date and thinking like a hacker (knowing what they want and how they can get it) is very useful too. Being an ethical business (maybe not starting an extramarital dating service like AshleyMadison that was hacked in 2015) can help as well. Monitoring the entire lifecycle of attacks is the best defense philosophy to adopt when mapping out your security architecture.