Computer technology has come a long way since its inception. No one thought that we were going to become as dependent on technology as we are today. A vast number of electronic devices connect to the Internet, and no one foresaw all the possibilities we now have thanks to the Internet and the interactions we can make in real time. Economic growth, information and knowledge sharing, connectivity and entertainment are the things the Internet brought to our daily lives. But these benefits can turn into menaces very quickly given the threat of hackers and harmful people who seek to use the Internet in evil ways. Economic growth can be translated into theft, information sharing into data breaches, connectivity into surveillance and entertainment into mass manipulation.
Computer and software manufacturers are well aware of the need for security in hardware and software, but they weren’t until cybercrime grew to unmeasurable proportions. Security back in the day wasn’t a priority because engineers thought that focusing on security could slow down development or interfere with functionality. Security became a reactive measure instead of a preventive one. Vulnerabilities and risks are everywhere in cyberspace. You and I are in danger all the time if we click the wrong button, open the wrong tab or install the wrong app. We need to understand the importance of securing our information, our access to the Internet, our devices and our online identity to avoid becoming victims of cybercrime. I’ll try to lay out in this post (or series of posts) the foundation to protect yourself online.
First, let’s get used to the terms used in cybersecurity.
Malware: You probably have some idea of what malware is, or you have heard about it from your antivirus software. Malware is any software designed to perform harmful activities. What follows is pretty much the family of malicious programs that exist.
Adware – as the name implies, adware is a type of malware that delivers advertising to the victim. It’s installed on the device without the user’s consent, like the majority of malware, and it serves as a revenue-generating tool for whoever created it. It gets more dangerous when bundled with spyware that can track user activity and steal information.
Bot – Bots are programs that perform specific tasks automatically. Bots are everywhere nowadays: in customer support systems, to automate scalping in trading, to generate views on YouTube or streams on Spotify, to aid in the purchasing process, etc. But bots can be used maliciously: in botnets to attack a website, as spambots delivering malicious messages to further infect a device with malware, as scrapers that download a website’s data, etc.
Bug – a bug is a flaw in the code or software that can be exploited with the wrong intentions. Many bugs are errors made by the programmer with no harmful intent that only slightly affect the program’s behavior without harming the user’s experience. Other bugs can freeze or crash the software, and some can be used to bypass user authentication, override access privileges or steal information. Hackers are always searching for bugs to take advantage of the loopholes they create.
Ransomware – Ransomware holds a device captive and demands a ransom to unlock it and let the user recover what has been locked. It encrypts files on the hard drive or locks down a system or server while popping up messages demanding something from the user, usually money.
Rootkit – This type of software gives remote access to your device without being detected by security programs. Once the rootkit is installed, the hacker can remotely execute files, access or steal information, modify configurations or preferences, install more malware or use the device as a bot in the army of a botnet.
Spyware – this type of malware is pretty straightforward, isn’t it? It essentially spies on you: harvesting data about your activity, collecting keystrokes and interfering with your network connection.
Trojan Horse – The trojan horse is probably the malware most people have heard of. This malware disguises itself as normal software to trick users into installing it. Once installed, it can perform the malicious tasks of a bot, spyware, adware, a virus or pretty much anything.
Virus – The name comes from its ability to spread and copy itself to other devices. Viruses attach to various programs and, once those are launched, they can infect any other device that installed that program. Viruses can spread through a variety of files including documents, scripts, executables, etc.
Worm – The most common type of malware. Worms can consume excessive amounts of bandwidth, overload servers, damage the host device and carry payloads. These payloads are designed to steal data, delete files or create botnets. Worms and viruses are very similar, with the difference that worms spread on their own while viruses depend on humans to spread.
As you can see, there are a lot of threats we face and they are everywhere. Let’s keep learning some other technical terms.
Attack surface – all points that are vulnerable to attack on a computer, network or system.
Attack vector – the route or method that allows the hacker to enter and compromise the device. It is the weak point where they can break into the system.
Exploit – the technical term for the act of taking advantage of a flaw to break into a computer system.
Social Engineering – the practice of using human weaknesses as an attack vector. Systems can be highly secured, but there’s no way to prevent a human from failing. Hackers use psychology and sociology to trick their victims into revealing critical information that can grant them access to a network or device.
Phishing – Social engineering is usually done through phishing, which is the act of using deceptive messages to request information under a seemingly legitimate pretext. Attackers can recreate websites so that users enter their information into them, effectively stealing the data. Phishing is very common through email, but since people fall for it less, phishing emails have become increasingly sophisticated.
Hacker – You might think of hackers as malevolent people with evil intentions, but technically a hacker is someone who studies code. There are three types of hackers: white, black and gray hat. They all have extensive knowledge of breaking into computer networks and bypassing security protocols; the difference lies in their intentions. For example, to infiltrate a target they can call an individual pretending to be from a company, or have a fake online profile claiming to be someone they’re not.
Black hat – These hackers act maliciously with the intention of stealing data such as financial and personal information and login credentials, and of gaining control of networks and devices.
White hat – These can be called ethical hackers. Their intentions are good in the sense that they often counteract black hat hackers and help businesses and companies protect their systems. They also hack to find vulnerabilities and address them so black hat hackers don’t get the chance to do harm.
Gray hat – They can be seen as bounty hunters. They exploit and break into systems so they can report it to the owner and ask for a reward. If the owner is not interested, doesn’t comply or doesn’t cooperate, these hackers sometimes expose the vulnerabilities to the world or profit from them. They could be seen as neutral hackers: they can do good and evil.
Zero-Day attack
This is an attack that takes advantage of an unknown security flaw. Developers might find a flaw and notify the owner of the software so they can start developing a patch. This starts a count of days until the patch is released. If the flaw is never discovered or reported, there’s no count for a patch release, hence the name “zero-day” attack: the attacker can launch an attack while the software is still vulnerable. These flaws are very profitable, and when discovered by malicious parties they can be sold on a black market for thousands of dollars. After a zero-day flaw has been exploited it can be detected, but it could be too late, since the attacker has already penetrated the system and acquired what he or she wanted.
Denial of Service
Denial of Service (DoS) is a common way of attacking business and government websites. It’s a flood of input messages that exceeds the processing capacity of the attacked target; this overwhelming input stresses the servers and blocks legitimate users from accessing the site. A more sophisticated version is the Distributed Denial of Service (DDoS): the attack comes from multiple sources at the same time, which increases the amount of input stressing the system and makes the attack more effective. These attacks can weaken the security systems of servers, taking their defenses down and leaving them vulnerable to attackers. They are usually orchestrated with botnets.
Botnets
Bots are infected devices that receive orders from a “master” to send spam and help in DDoS attacks. The users of the enslaved devices are often unaware that their device has been infected. These networks of bots can be huge, with millions of users, but perpetrators usually keep them smaller, so there are multiple smaller botnets, making it difficult for a security team to shut them all down at once. Botnets can also be used simply to distribute spam, malware, phishing attempts, etc. Some are used to crack passwords or mine cryptocurrency like Monero and other CPU-based altcoins.
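Added example (my own code, not from the original post) for the DoS and botnet sections above: it counts requests per one-second window over constructed web server log lines, flags a window that exceeds the capacity the server can handle, and separates a single-source flood (DoS) from many sources sharing the load (the DDoS pattern a botnet produces). The log format, the thresholds and the addresses are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumed log format: <ip> [<timestamp>] "<request>" <status> (a simplified access log).
LOG_RE = re.compile(r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})$')

def parse_line(line):
    """Return (source_ip, timestamp) for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")

def classify_flood(lines, capacity_per_sec=100, per_source_limit=50):
    """Bucket requests into one-second windows. A window above the capacity the
    server can handle is a flood; if one source alone exceeds per_source_limit it
    looks like a single-origin DoS, otherwise many sources share the load, which
    is the distributed (DDoS) pattern. Returns {iso_second: (verdict, total, sources)}."""
    windows = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ip, ts = parsed
            windows[ts.replace(microsecond=0)][ip] += 1
    verdicts = {}
    for second, sources in sorted(windows.items()):
        total = sum(sources.values())
        if total <= capacity_per_sec:
            verdict = "normal"
        elif max(sources.values()) > per_source_limit:
            verdict = "dos"
        else:
            verdict = "ddos"
        verdicts[second.isoformat()] = (verdict, total, len(sources))
    return verdicts

def make_lines(ip_counts, ts="10/Mar/2024:12:00:00 +0000"):
    """Build constructed log lines (test data, not a real capture): ip -> request count."""
    return [f'{ip} [{ts}] "GET / HTTP/1.1" 200' for ip, n in ip_counts.items() for _ in range(n)]

# Constructed scenarios: quiet traffic, one host hammering, and thirty bots sharing the load.
NORMAL = make_lines({"198.51.100.1": 5, "198.51.100.2": 3})
SINGLE_SOURCE = make_lines({"203.0.113.7": 150, "198.51.100.2": 3})
DISTRIBUTED = make_lines({f"192.0.2.{i}": 10 for i in range(1, 31)})

if __name__ == "__main__":
    for name, lines in (("normal", NORMAL), ("single", SINGLE_SOURCE), ("distributed", DISTRIBUTED)):
        print(name, classify_flood(lines))
```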
Password cracking
This is a more difficult way to acquire someone’s password than social engineering. It’s a method hackers turn to when social engineering didn’t work or there’s a lot of value at stake, so they need to make sure the attempt works. First they guess passwords built from common variables like the victim’s birthdate, anniversary, relatives’ names, etc. If this fails, the dictionary strategy comes next. A dictionary attack limits the candidate passwords to words from a dictionary and runs through every word in it, trying every possible combination, which in reality is resource consuming and impractical. Military-grade decryption algorithms could be deployed to crack the password of someone of high importance, like a political figure for example.
I hope this introductory post on popular terms in cybersecurity helps you understand how vulnerable we are online, and if all this scared you, that is completely understandable. Cybercrime is scary, and cybersecurity is something everyone needs to know about and become more aware of, so they can implement the best practices to protect themselves. In the next post I’ll be talking more about how to prevent cybercrime and stay safe online.
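Added example (my own code, not from the post): a password check that mirrors the two stages described above from the defender’s side, rejecting passwords that the personal-information guesses or a dictionary run would find. The tiny wordlist, the profile fields, the leet substitutions and the 12-character floor are assumptions.

```python
import re
from datetime import date

# Constructed mini wordlist standing in for an attacker's dictionary (example data, not a real list).
DICTIONARY = {"password", "welcome", "sunshine", "dragon", "letmein", "monkey"}

# Character substitutions a dictionary run tries alongside the plain words (assumed set).
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})

def normalize(candidate):
    """Lower-case, drop trailing digits/symbols, then undo leet substitutions so
    'Dr4gon2019!' collapses to 'dragon', the form a dictionary run would try first."""
    base = re.sub(r"[^a-z]+$", "", candidate.lower())
    return base.translate(LEET_MAP)

def personal_guesses(profile):
    """Derive the guesses the post lists: birthdate and anniversary pieces, relatives' names."""
    guesses = set()
    for key in ("birthdate", "anniversary"):
        d = profile.get(key)
        if isinstance(d, date):
            guesses.update({d.strftime("%Y"), d.strftime("%d%m%Y"), d.strftime("%m%d%Y"),
                            d.strftime("%d%m%y"), d.strftime("%Y%m%d")})
    for name in list(profile.get("relatives", [])) + [profile.get("name", "")]:
        if name:
            guesses.add(name.lower())
    return guesses

def password_weaknesses(candidate, profile):
    """Return the reasons a password would fall to the stages above; an empty list
    means neither the personal guesses nor the dictionary run would find it
    (the 12-character floor is an assumed policy minimum)."""
    reasons = []
    lowered = candidate.lower()
    if len(candidate) < 12:
        reasons.append("shorter than 12 characters")
    hits = sorted(g for g in personal_guesses(profile) if g in lowered)
    if hits:
        reasons.append("contains personal information: " + ", ".join(hits))
    if normalize(candidate) in DICTIONARY:
        reasons.append("dictionary word after undoing common substitutions")
    return reasons

# Constructed profile of a fictional user, the kind of data the first guessing stage relies on.
EXAMPLE_PROFILE = {"name": "Alice", "birthdate": date(1990, 5, 17), "relatives": ["Bob"]}

if __name__ == "__main__":
    for pw in ("Dr4gon2019!", "Alice1990xyz", "correct-horse-battery-staple"):
        print(pw, password_weaknesses(pw, EXAMPLE_PROFILE))
```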