In this lesson I’ll discuss about Cyber Security and Cyber threats. Cyber security is the protection of computer systems, networks, mobile devices(all devices who can connect to internet) , applications and soft wares from bad actors(black hat hackers). Cyber security prevent from data theft, software or hardware damages. Cyber security is also called the information technology security. As you know this is the internet era and the use of internet and information technology is increasing every day. That’s why the need of information technology security or cyber security is also increasing.
Cyber Threats and Cyber Attacks
Cyber Threat: Cyber threat is a malicious act that can damage to our computer systems, networks, software and hardware or steal our personal data. You can say threat mean possibility of damage or stealing personal data.
Cyber Attacks: Cyber attacks are the same as cyber threat with a little difference. Cyber attack is an offensive action but a cyber threat is a possibility to occur a specific attack. There are many types of cyber attacks which may be occur on anyone who use internet.
Actually, the possibility of occurrence a Cyber attack is a Cyber threat and these threats for everyone who is the user of internet.
Types of Cyber Threats or Attacks
There are lot of types of cyber threats, but here you can see below 10 most common types of Cyber Attacks
Phishing is most used technique to steal passwords or other personal information. It is a fraudulent technique, in which a bad actor send you a link, and ask you to enter your information when you put this information in a phishing link these information directly receive to attacker.
For Example: An attacker send you an email with a phishing link and says you “Our Facebook team is checking some security issues, just confirm your password to go this link otherwise your account will be deactivate with in 7 days” . When you will open this fake link, this will be same look like facebook. You will put your password to confirm, but this password will be receive to attacker.
Prevent from Phishing:
- You can check the URL, because URL can’t be same. There will be some difference between orignal company URL and phishing link URL.
- You can go https://isitphishing.org/ to this website to test any URL.
Malware is actually a software or application that is design to damage devices(laptops, computer, servers, mobiles, tablets, etc) or stealing data. There are various types of malware , some most common types are computer viruses, worms, trojans, adware, keyloggers, spyware etc.
Prevent from Malware
- you can install a powerful antivirus in your computer system
- You can go to virus total website to test any file or software
Bot & Botnet
A bot is a type of malware that is used to take control of device. The infected device with bots are known as zombie. Cyber criminal use these zombie device to take more attacks. A network of these
compromised computers or zombie devices is called botnet. Cyber criminals use these botnets to steal data, send spams and perform a Distributed Denial of Services (DDOS) attack.
Prevent from Bots:
- You can use a powerfull antivirus in your device
- You can go to https://www.virustotal.com/gui/ this website to test any file or software.
Ransomware attack is very dangerous attack. Ransomware is the type of malware that encrypt all the data of computer system. Victim can’t access their data after encryption. After encryption, this malware ask for money to victim to get back data access.
Prevent from Ransomware
- Use best antivirus in your computer system
- Don’t download any file or software from un-trusted sources
DOS(Denial of Services ) Attack
A denial of services (DOS) attack is a criminal act, in which an attacker sends a flood of traffic or requests to the target machine, server or network to make them stop. Actually , every web server or network have a limit to handle traffic if requests will be more than specific limit the server or network will be crash and stop working.
DDOS(Distributed Denial of Services)
A distributed denial of services attack(DDOS) is same as DOS attack, but in DDOS an attacker use more than one machine or multiple machines to send flood of requests to a particular server or network to crash. A cyber criminal compromised many computer devices using bots and make a botnet to perform this attack.
MITM (Man in the middle attack)
It is very old and effective cyber attack. In man in the middle attack a cyber criminal intercept communication between two devices. Attacker observe all the communication or information between two parties. Attacker can do this by entering in your network or generating fake wifi access point.
Prevent from MITM attack:
- Scan your network to test any unknown device connect with your network. If an unknown device is connected with your network, just kick them out, you can do this by simply changing your password.
- If you are using public wifi, must use VPN
- Use https protected websites
Brute Force Attack
Brute force attack is password cracking technique which is used by hackers. In this attack, a cyber criminal use a piece of code or script which try again and again all possible passwords until correct one is find. For example, if you are using 4 digit password pin, then there are total ten thousand possible passwords exist from 0000 to 9999. Attacker will try all possible passwords to crack victim passwords with the help of a script.
Prevent From Brute Force Attack
- Use a long password, Your password must be combination of Caps letter, small letters, special character and numbers
- You can Set a limit of incorrect passwords
SQL injection is a malicious technique to injecting sql code in database to dump the database records. In this attack, a bad actor first find vulnerability to injecting. If web application will be vulnerable for SQLi, then hacker can easily dump database and see all records from database.
Prevention from SQLi
- Stop writing dynamic queries
- Validate user supplied input
Cross Site Scripting(XSS)
A cross site scripting attack is a most common web hacking technique in which an attacker inject client side scripts into web pages. If a website is XSS vulnerable , attacker can easily inject malicious code in contact form or search box of website. By injecting these malicious codes attacker can easily steal user login and passwords.
Prevention from XSS
- Never insert untrusted data from dynamic locations
- You can pass all external data from a filter