Kamis, 24 Agustus 2017

Semalt Expert: A Closer Look Into The Hackers Toolkit


Once hackers learn of a way to hack an organization, they will use it drawing on their experience and past successes. Therefore, trying to make sense of any data breach can prove of significant value as one gets into the mind of the attacker and consider the ways they may use to cause harm.

Frank Abagnale, the Customer Success Manager of Semalt Digital Services, presents the most common types of attacks commonly used by hackers:

http://rankexperience.com/articles/img/1119-2.jpg1. Malware

Malware refers to an assortment of harmful programs such as viruses and ransomware that give attackers remote control. Once it gains entry into the computer, it compromises the integrity of the computer and taking over the machine in use. It also monitors all the information flowing in and out of the system, as well as the actions on the keystrokes. In most instances, it requires the hacker to use ways through which they can get the malware installed such as links, and harmless looking email attachments.

2. Phishing

Phishing is typically used when the attacker disguises themselves as somebody or an organization they trust to do something they would not. They tend to use urgency in the email, like fraudulent activity, and an email attachment. On downloading the attachment, it installs the malware, which redirects the user to a legitimate looking website, which continues to ask for personal information from the user.

http://rankexperience.com/articles/img/1119-3.jpg3. SQL Injection Attack

The Structured Query Language is a programming language, which helps communicate with databases. Most servers store private information in their databases. If there are any gaps in the source code, a hacker may inject a SQL of their own, which allows them a back door where they can ask for credentials from the site’s users. The issue becomes more problematic if the site stores critical information about their users such as credit information in their databases.



4. Cross-Site Scripting (XSS)

It works in the same way as SQL injections, as it injects malicious code into a website. When visitors gain entry into the site, the code installs itself on the user’s browser, thus affecting the visitors directly. Hackers insert automatically run comments or scripts on the site to use XSS. Users may not even realize that hackers hijacked their information until it is too late.

http://rankexperience.com/articles/img/1119-4.jpg5. Denial of Service (DoS)

A DoS attack involves overloading the website with too much traffic to a point it overloads the server and unable to serve its content to the people trying to access it. The kind of traffic used by malicious hackers is meant to flood the website to shut it off from users. In a case where several computers are used to hack, it becomes a Distributed Denial of Service attack (DDoS), giving the attacker different IP addresses to work simultaneously from, and making it harder to trace them.



6. Session Hijacking and Man-in-the-Middle Attacks

The back and forth transactions between the computer and the remote web server each have a unique session ID. Once a hacker gets a hold of the session ID, they can make requests posing as the computer. It allows them to gain illegal entry as an unsuspecting user to obtain control over their information. Some of the ways used to hijack session IDs is through cross-site scripting.

http://rankexperience.com/articles/img/1119-5.jpg 7. Credential Reuse

Due to the increased number of websites requiring passwords, users may opt to reuse their passwords for given sites. Security experts advise people to make use of unique passwords. Hackers may gain usernames and passwords and use brute force attacks to gain access. There are available password managers to help with the various credential used on different websites.



These are just but a few of the techniques used by website attackers. They are constantly developing new and innovative methods. However, being aware is one way to mitigating the risk of attacks and improve security.

Tidak ada komentar:
Write komentar