Computer security, cybersecurity, or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software or data, as well as from the disruption or misdirection of the services they provide.
Cybersecurity is the ongoing effort to protect these networked systems and all of the data from unauthorized use or harm. On a personal level, you need to safeguard your identity, your data, and your computing devices. At the corporate level, it is everyone’s responsibility to protect the organization’s reputation, data, and customers.
Wi-Fi Password Cracking
Wi-Fi password cracking is the process of discovering the password used to protect a wireless network. These are some techniques used in password cracking:
Social engineering – The attacker manipulates a person who knows the password into providing it.
Brute-force attacks – The attacker tries several possible passwords in an attempt to guess the password. If the password is a 4-digit number, for example, the attacker would have to try every one of the 10000 combinations. Brute-force attacks usually involve a word list file. This is a text file containing a list of words taken from a dictionary. A program then tries each word and common combinations. Because brute-force attacks take time, complex passwords take much longer to guess. A few password brute-force tools include Ophcrack, L0phtCrack, THC Hydra, RainbowCrack, and Medusa.
Network sniffing – By listening and capturing packets sent on the network, an attacker may be able to discover the password if the password is being sent unencrypted (in plain text). If the password is encrypted, the attacker may still be able to reveal it by using a password-cracking tool.
Analzing cyber attacks
Social Engineering
Social engineering is an access attack that attempts to manipulate individuals into performing actions or divulging confidential information. Social engineers often rely on people’s willingness to be helpful but also prey on people’s weaknesses. For example, an attacker could call an authorized employee with an urgent problem that requires immediate network access. The attacker could appeal to the employee’s vanity, invoke authority using name-dropping techniques, or appeal to the employee’s greed.
These are some types of social engineering attacks:
Pretexting - This is when an attacker calls an individual and lies to them in an attempt to gain access to privileged data. An example involves an attacker who pretends to need personal or financial data to confirm the identity of the recipient.
Tailgating - This is when an attacker quickly follows an authorized person into a secure location.
Something for Something (Quid pro quo) - This is when an attacker requests personal information from a party in exchange for something, like a free gift.
Phishing
Phishing is when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source. The message intends to trick the recipient into installing malware on their device, or into sharing personal or financial information. An example of phishing is an email forged to look like it was sent by a retail store asking the user to click a link to claim a prize. The link may go to a fake site asking for personal information, or it may install a virus.
Spear phishing is a highly targeted phishing attack. While phishing and spear phishing both use emails to reach the victims, spear phishing emails are customized to a specific person. The attacker researches the target’s interests before sending the email. For example, an attacker learns the target is interested in cars and has been looking to buy a specific model of car. The attacker joins the same car discussion forum where the target is a member, forges a car sale offering and sends an email to the target. The email contains a link for pictures of the car. When the target clicks on the link, malware is installed on the target’s computer.
DoS
Denial-of-Service (DoS) attacks are a type of network attack. A DoS attack results in some sort of interruption of network service to users, devices, or applications. There are two major types of DoS attacks:
Overwhelming Quantity of Traffic - This is when a network, host, or application is sent an enormous quantity of data at a rate that it cannot handle. This causes a slowdown in transmission or response, or a crash of a device or service.
Maliciously Formatted Packets - This is when a maliciously formatted packet is sent to a host or application and the receiver is unable to handle it. For example, an attacker forwards packets containing errors that cannot be identified by the application, or forwards improperly formatted packets. This causes the receiving device to run very slowly or crash.
DoS attacks are considered a major risk because they can easily interrupt communication and cause significant loss of time and money. These attacks are relatively simple to conduct, even by an unskilled attacker.
SEO Poisoning
Search engines such as Google work by ranking pages and presenting relevant results based on user’s search queries. Depending on the relevancy of website content, it may appear higher or lower in the search result list. SEO, short for Search Engine Optimization, is a set of techniques used to improve a website’s ranking by a search engine. While many legitimate companies specialize in optimizing websites to better position them, a malicious user could use SEO to make a malicious website appear higher in search results. This technique is called SEO poisoning.