Hackers are using increasingly clever tactics to get at your data, sometimes compromising security systems that were considered nearly impervious.
This should be of no surprise to anyone in the cybersecurity field. The number of hackers, both private and state-sponsored, has grown tremendously over the past decade while their success rates have increased due to the proliferation of cyberwarfare techniques.
So what are hackers using to get at your data?
Here is a list of the top five tactics hackers use to steal your data and how IT companies counter them. Collectively, hackers are extremely clever individuals who are constantly looking for new ways to subvert security measures so there’s no way to be completely safe from hackers if you are an IT company.
1. Man-in-the-middle (MITM) attacks
MITM attacks can occur when hackers tamper with communications between an end point, like you mobile phone, and the server it is communicating with in order to obtain sensitive information like usernames, passwords, and credit cards.
The hackers’ goal is to intercept the data between the end point (your phone) and server (company website) without either party’s knowledge. This can be accomplished by hackers exploiting vulnerabilities in Wi-Fi networks or DNS servers . When hackers are successful at this, they are able to obtain your device’s IP address, which can then be used to geo-locate your device and further compromise it.
The hackers’ goal is to intercept the data between the end point (your phone) and server (company website) without either party’s knowledge. This can be accomplished by hackers exploiting vulnerabilities in Wi-Fi networks or DNS servers . When hackers are successful at this, they are able to obtain your device’s IP address, which can then be used to geo-locate your device and further compromise it.
There a number of things you can do as an IT company to prevent hackers from executing MITM attacks on consumer devices:
– Use SSL certificates to encrypt data transmitted to and from your device
– Use two-factor authentication to verify the identity of end users
2. Phishing Attacks
The hackers’ goal with phishing attacks is to trick you or someone else (employees, customers or any other user) into providing hackers with sensitive information like usernames, passwords and credit card information.
These attacks typically involve hackers sending out emails that contain hyperlinks or attachments. The hackers hope you or someone else is tricked into clicking on the hyperlink or opening the attachment which installs malware onto your system that hackers can use to gain access to your device and further compromise it.
There are a number of ways hackers can make phishing attacks more convincing that you or someone else would fall for them like including:
– Spoofed email addresses to make it appear as though the email is from someone you know
– Use fake hyperlinks by making them appear real (ie make the hyperlink look like an official website)
– Use attachments that are real looking or actually functional (ie PDFs or Word Documents with hackers email address)
There are a number of things you can do as an IT company to help reduce the risk of phishing attacks against your customers:
– Implement multi-factor authentication for any accounts that allow it
– Educate your employees on how hackers can spoof email addresses to increase the likelihood the phishing email is successfully received
– Use filtering services to block any known phishing URLs or attachments
3. Ransomware Attacks
Hackers’ goal with ransomware attacks is not only to exploit vulnerabilities in your device but also make you pay money for hackers to have them fix it.
Hackers can install ransomware onto a device in a variety of ways:
– Install malware onto your system with phishing attacks
– Exploit vulnerabilities on public Wi-Fi networks
– Exploit vulnerabilities on Bluetooth enabled devices
If hackers successfully exploit the vulnerabilities on your system, hackers can encrypt your data and demand a ransom in order to decrypt it.
There are a number of ways hackers can make ransomware attacks more convincing that you or someone else would fall for them like including:
– Use images on the ransomware’s decryption page that include logos from official sources (ie police department)
– Use fake Windows error screens to make it look like hackers successfully breached your system
– Include a timer on the decryption page that appears to be counting down and indicate if you don’t pay hackers by a certain time they will delete your data
4. Clickjacking Attacks
Clickjacking is one of the newest and most dangerous vulnerabilities hackers exploit.
Hackers’ goal with clickjacking attacks is to trick you into clicking on a hyperlink hackers know will lead to malware being installed onto your system or hackers gaining access to sensitive data.
Since hackers can’t typically get you or someone else to click on a hyperlink hackers want, hackers use clickjacking to get around this. Hackers accomplish this by hiding a hyperlink hackers want you or someone else to click on under what hackers know will be a more likely place you or someone else would click (ie play games, watch videos or download files).
Once hackers successfully get you to click on the hyperlink hackers want hidden, hackers can have malware installed onto your system or hackers can gain access to sensitive data hackers know you would not willingly provide.
There are a number of ways hackers add hyperlinks they want you to click on underneath places where hackers know people will be clicking:
– Local HTML files on your computer that automatically load when hackers access your computer
– Embedded JavaScript code hackers add to pictures hackers know people will view (ie slideshows)
5. Evil Twin Attacks
Although hackers can install ransomware by exploiting vulnerabilities in your device, hackers don’t always have to do this. Hackers know it can be difficult for you or someone else to determine whether hackers successfully breached your system or not without seeing the hackers decryption page hackers demand you pay for.
Hackers can take advantage of this by creating what is known as an evil twin network, which hackers use to make it appear like hackers are operating their own Wi-Fi hotspot (ie hackers create a wireless access point called “Network Name”).
Once hackers create an evil twin network hackers know will draw in unsuspecting people hackers try to communicate with your device by using the name hackers used to make it appear hackers are operating their own Wi-Fi hotspot (ie “Network Name”).
If hackers successfully connect their device to hackers’ evil twin network, hackers can have malware installed onto your system or hackers can gain access to sensitive data hackers know you would not willingly provide.
There are a number of ways hackers create evil twin networks hackers know will draw in unsuspecting people hackers want to communicate with:
– Use an antenna hackers place near places where they think people congregate (ie restaurants, airports or coffee shops)
– Use a wireless transmitter hackers attach to lamp posts hackers know people will walk by