NEWS & RESOURCES


The need to keep abreast of the latest exploits and developments in Cyber Security is best served by real time feeds however we regularly comment, blog and contribute reports for public consumption a sample of which we publish here...
CONTACT for more.

Are you safe from these common Cyber-attacks?

Do you know out of every 10 people, 7 are at risk of cyber-attacks? Wondering why is that? Well, that’s because of poor security practices and of course lack of cyber security awareness.

Could you become the next victim of cyber-attack?

 

Sorry to say, YES! If you don’t take proper security measures then you could be victimized.

I am not talking about just stealing IDs & passwords, the shit goes pretty deep. With a cyber-attack, the hacker can not only gain your login credentials but he can also SPY on you, steal your money or even worse steal your online identity!

Of course, you don’t want that. Do you?

Don’t worry

Well, this piece is not to scare you, rather increase your security awareness so that you can be prepared!

Now, before we begin, here is a quick fact.

According to our survey, only 42% of the businesses conducted cyber risk training in the past 6 months. You know what this means? This means that they are literally inviting cybercriminals to attack!

And if we talk about the general public, the stats are even worse! So, to ensure that you are aware of what is happening in the online world, we have listed the most common cyber-attacks along with some precautions.

Most Common Cyber attacks

our survey indicates that 44% of the people aren’t sure how a hacker can target his victims, so here are a few of those common attacks.

  • Brute Force attacks

Brute Force attacks are the most common cyber-attacks. According to our research, almost 24% of the total cyber-attacks are Brute Force attacks.

What is a Brute Force attack?

It is basically a systematic try and error approach used by the hackers to get login credentials of their targets. Bots capable of trying 1000s of combinations of login credentials within a minute are used in these types of attacks.

The problem with most IoT devices is that they have default login credentials which makes it much easier for a botnet to guess the login credentials of the users. Just a few weeks earlier, a Bot named Mirai was seen in action to hack into different IoT devices and infecting them with a malware and I’m sure you wouldn’t want that to happen to you, do you?

What to do?

If you want to make sure that you aren’t victimized you must use a strong password.

A password with at least 15 random characters including alphanumeric keys, symbols, capital and small letters is the right way to go. Also, using 2-factor authentication system is highly recommended!

By the way, we have listed a few common passwords, if your password is on the list you should immediately change it.

Here’s the list: Most Common Password list

02- Phishing Attack

2 weeks earlier, a man from Lithuania, Mr. Evaldas managed to fool Facebook and Google authorities into paying him over $100Million.

How? By faking his Identity as the employee of a firm used to work for Facebook and Google through phishing emails.

Attack Explained:

Have you ever received an unwanted email? An email with a word file or perhaps a link to a site that you have never visit before? I hope not, because this how a phishing attack works!

The hacker in Phishing attack sends emails usually disguised as someone you trust or sometimes as a promotional offer forcing the target to take some action. The action could be either entering login credentials, opening an attachment or etc. And as soon as the action is taken, the hacker can steal your login credentials, download a spyware or a malware on your computer and even install a Trojan into your device making it a DDoS master to infect more IoT devices!

According to Mike Loginov CEO and Founder at Cyber Security firm Ascot Barclay and President of the IOTSA:

“Computers are getting better at identifying melodious attachments or rouge links, and that’s driving the attackers towards the much easier and cost effective approach of directly fooling humans — and, unfortunately, the ability to fool humans is an art perfected since the dawn of time and at its core hasn’t evolved that much. We still fall for the same old reworked scams”.

How to stay safe?

  • Never pay attention to any unwanted email.
  • Do not download anything from a non-trusted website.
  • Do not enter login credentials on a site until your 100% sure of its authenticity.

03- Spoofing attack

Hackers try to gain unauthorized access to the network of the victim by faking their identity in spoofing attacks.

The motive behind these attacks is to gain sensitive information of the victims.

Various types of spoofing attacks.

Following are some types of Spoofing attacks:

  • IP address spoofing: The hacker creates a false source IP to disguise as a legitimate user while keeping his original identity a secret.
  • DNS Spoofing: The attacker modifies the DNS settings of the victim’s server and directs the victim to a malicious server containing malware.
  • ARP Spoofing: A technique used by the hacker to send spoofed address resolution protocol messages over a local area network.

Installing firewalls, configuring ACLs manually, packet filtering are some methods which can ensure your safety against spoofing attacks. There is one problem though, all these measures are highly technical and perhaps hiring a professional like ourselves would be a wise thing to do here.

04- Social engineering attacks

Social engineering attack is a broad term which includes all the tricks used by hackers to get sensitive information of the victims. These attacks are basically aimed at fooling humans rather than the machines.

An email with a link to download a paid software for free could be an example of social engineering attack.

A funny story:

A few days back, security researchers showed fake versions of popular sites like “Apple.com” can be created by using characters from different languages, which then could be used to fool people into entering their bank information and etc into the fake site.

Here’s a photo of the fake site created by the security researcher:

ssl

A word of advice

  • Being a little suspicious of any unwanted email or even any unwanted offer should be enough to keep you safe from these attacks!

05- Exploiting vulnerabilities in popular apps and software

Sometimes the hackers scan vulnerabilities in the popular apps and software and exploit them! Of course, no app or software is 100% full-proof and hackers know it too!

Hackers usually insert a malicious code into the app and then every user who downloads it is at the mercy of the hacker.

Just recently, hackers managed to hack the server of famous video transcoder “Handbrake” and infected the app. Even though the vulnerability has been patched by Apple officials, it is suspected that users who downloaded the app between 14:30 UTC May 2 and 11 UTC May 6 could have been infected.

Mostly the hackers use this kind of attacks to install a spyware or a malware in the victim’s IoT device but in some cases, hackers can even get the remote access of the affected device!

What can I do to stay safe?

If you don’t want to become the next victim of these kinds of attacks you should:

  • Never download an app from a third-party store.
  • Update the apps and your web browser regularly.
  • Install an anti-virus on your device.

Stay Aware, Stay Safe!

You know you could reduce your chances of being victimized just by staying aware of the best security practices and this is exactly what we aim to provide! Reading a bit about security practices, changing your passwords regularly, consulting security experts once in a while is a must if you wish to stay safe!

Mike Loginov
CISO
Ascot Barclay Group

 

LOCATION

Ascot Barclay Group Limited
71-75 Shelton Street, Covent Garden
London WC2H 9JQ
United Kingdom

“Mike Loginov is a commentator and presenter on the International Cyber Security Speaker Circuit and has been a judge for the SC Magazine European Cyber Security Awardsfor the past three years. He is also regularly quoted in this leading security publication as an authoritative source”. – SC Magazine