Where there is gold, people will always try to steal it (except good people like you and me). In today’s world, data is the new gold. A lot of sensitive data is stored and sent over the Internet, and there are lots of loopholes that malicious actors do not hesitate to exploit. From the infant years of the Internet to date, many methods have been used to try to access sensitive data stored on the Internet. Some of the methods are:
Man-In-The-Middle (MITM) Attacks: In this type of attack, the attacker secretly positions himself between two communicating parties, intercepts the data being exchanged, and may alter, steal, or redirect it.
There are several types of MITM attacks. The most common one is email hijacking, where malicious actors take control of the email accounts of financial institutions, or even ordinary users, monitoring communications, intercepting and altering data.
In Domain Name System (DNS) spoofing, another popular method, the attacker tampers with DNS responses and attempts to redirect victims to the wrong websites. DNS spoofing should not be mistaken for Address Resolution Protocol (ARP) spoofing, which involves the manipulation of ARP tables to redirect network traffic through the attacker’s system.
SSL Stripping is a common MITM attack against HTTPS-encrypted connections. Attackers use malicious scripts to try to strip away the SSL protection and force the connection over unencrypted HTTP.
MITM attacks try to bypass mutual authentication between two communicating parties, and this poses a high level of threat to the confidentiality and integrity of information. Most communication encryption protocols therefore include some kind of authentication method to prevent MITM attacks.
Phishing: Phishing is a form of attack where the unsuspecting user is sent messages that are disguised as coming from a trusted source. Email phishing, spear phishing, whaling and CEO fraud, voice phishing, and SMS phishing are some of the many types of phishing, but email phishing is the most popular. Users receive anonymous emails that try to trick them into giving away sensitive information like their usernames and passwords or installing malware on their devices.
In voice phishing, attackers usually use phone calls to trick individuals into providing sensitive information. The caller may pose as a trusted entity like a friend or IT support staff of a financial institution.
Keylogging: This is short for keystroke logging. It is the practice of using special software (a keylogger) to monitor and record data that an unsuspecting user types on his device’s keyboard. Software keyloggers are usually installed on the target device, while hardware keyloggers are hardware devices that are physically attached to the target device.
Keylogging software is usually difficult to detect, so to be on the safe side, users are advised to be careful with the websites they visit, the applications they install, and the hardware they plug into their devices.
Brute Force Method: Exactly what the name implies. Attackers try to use every means available to break into an account.
Credential Stuffing: In this type of attack, credentials stolen from a data breach are used to try to break into accounts on an unrelated service. Sometimes it works, most times it doesn’t, but trying and failing never hurt anybody.
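On the defending side, brute force and credential stuffing leave different fingerprints in failed-login records. The sketch below is an added example, not part of the original article: the log format, the sample lines and the thresholds are all assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log (not real data); the line format is an assumption.
SAMPLE_LOG = "\n".join(
    [f"2024-05-01T10:00:{i:02d}Z FAIL ip=203.0.113.7 user=alice" for i in range(6)]
    + [f"2024-05-01T10:01:{i:02d}Z FAIL ip=198.51.100.9 user=user{i}" for i in range(6)]
    + ["2024-05-01T10:02:00Z FAIL ip=192.0.2.4 user=bob",
       "2024-05-01T10:02:09Z OK ip=192.0.2.4 user=bob"]
)

LINE = re.compile(r"\s(FAIL|OK) ip=(\S+) user=(\S+)$")

def parse_failures(log_text):
    """Return (ip, user) pairs for failed logins; skip successes and junk lines."""
    pairs = []
    for line in log_text.splitlines():
        m = LINE.search(line.strip())
        if m and m.group(1) == "FAIL":
            pairs.append((m.group(2), m.group(3)))
    return pairs

def classify_sources(failures, min_failures=5, ratio=0.8):
    """Label each source IP by the shape of its failed logins.

    min_failures and ratio are illustrative thresholds, not tuned values.
    """
    per_ip = defaultdict(Counter)
    for ip, user in failures:
        per_ip[ip][user] += 1
    verdicts = {}
    for ip, users in per_ip.items():
        total = sum(users.values())
        if total < min_failures:
            verdicts[ip] = "normal"               # a few typos, not an attack
        elif max(users.values()) / total >= ratio:
            verdicts[ip] = "brute force"          # many guesses at one account
        elif len(users) / total >= ratio:
            verdicts[ip] = "credential stuffing"  # many accounts, ~one try each
        else:
            verdicts[ip] = "suspicious"           # mixed pattern, review by hand
    return verdicts

if __name__ == "__main__":
    for ip, verdict in classify_sources(parse_failures(SAMPLE_LOG)).items():
        print(ip, verdict)
```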
This is not in any way an exhaustive list of possible cyber attacks, but it is enough to raise questions in the hearts of users and, perhaps, cause panic. How do we protect ourselves from these attacks?
There are basic steps that you can take to protect yourself. Perhaps the easiest way is to stay hydrated and mind your business online. Avoid entertaining conversations from untrusted people, and do not click on unknown links or install applications from untrusted sources.