The job of cyber security is growing, despite the popularity of security software and increased awareness of security threats among computer users. Cyber Security Engineers need to be aware of these ten common threats and know how to seek out and disable them.
Phishing
Phishing is when a cyber attacker tries to get you to give them your sensitive data, such as user names, passwords and credit card details. Often, they accomplish this by imitating a trusted financial site, such as your bank. Phishing is a form of social engineering, described below.
Tampering
Tampering refers to people modifying physical computer hardware. Attackers can install software that disables a computer’s encryption system, or plant spyware in a router.
Spoofing
Any communication that is sent from an unknown source but is made to look like it comes from a trusted address is known as spoofing. It is most common in email systems that lack a high level of security. A person could argue that those emails from a “Nigerian prince” are one of the simplest forms of spoofing.
Backdoors
Just like a popular club, your computer system could have heavy security at the front end, but a back door that has none at all. Sometimes backdoors exist by design, and sometimes they are an oversight. Either way, an unguarded back door leaves computer systems vulnerable to attack.
Denial of Service Attack
Denial of Service Attacks are a frequent form of cyberattack that makes a site unavailable to its users. They can target individual users or block all users at once. Often the attack comes from many points at once, which is called a distributed denial of service attack, or DDoS. The attacking computers can be “zombie computers”, or the computers of innocent people can be roped into the attack.
Direct Access Attack
Like Tampering, a Direct Access Attack involves having physical access to a computer. Once in, an attacker can make operating system modifications or install a keylogger (to pick up passwords, etc.).
Eavesdropping
Private internet conversations are at risk from eavesdroppers, including ones from official channels. Eavesdropping programs can listen in on hosts of Internet Service Providers (ISPs). They can also pick up the electromagnetic transmissions that hardware sends out.
Privilege Escalation
When Ferris Bueller logged onto the school computer system and boosted his grades by impersonating the principal, he was using Privilege Escalation. It’s when a standard computer user is able to fool the system into giving them access they’re not entitled to.
Clickjacking
Clickjacking is a common threat on some of the shadier alleys of the Internet, such as unauthorized streaming sites. It’s when web developers create a user interface where the user clicks a button they think will do one thing (like stream an episode of Game of Thrones) and is instead routed to an irrelevant page owned by someone else. Some cyber attackers will use this technique to log keystrokes in an invisible frame layered on top of a legitimate-looking web page.
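A defender-side check for the invisible-frame trick described above, as an added example that is not part of the original article: it classifies a response by its X-Frame-Options and Content-Security-Policy frame-ancestors headers, which tell a browser whether a page may be loaded inside another site's frame. The function names and sample headers are constructed for illustration.

```javascript
// Added example: audit HTTP response headers for anti-framing (clickjacking) controls.
// Header names are expected as lower-cased keys, as Node.js exposes them.

// Return the frame-ancestors source list from a Content-Security-Policy value,
// or null when the directive is absent. The first occurrence wins, as in browsers.
function frameAncestors(csp) {
  for (const directive of String(csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

// Classify a response as "blocked" (cannot be framed at all), "restricted"
// (only listed or same-origin pages may frame it) or "frameable" (any site may).
function framingPolicy(headers) {
  const sources = frameAncestors(headers["content-security-policy"]);
  if (sources !== null) {
    // When frame-ancestors is present, browsers use it instead of X-Frame-Options.
    const none = sources.length === 1 && sources[0].toLowerCase() === "'none'";
    if (sources.length === 0 || none) return "blocked";
    if (sources.includes("*")) return "frameable";
    return "restricted"; // scheme-only sources such as https: still deserve review
  }
  const xfo = String(headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return "blocked";
  if (xfo === "SAMEORIGIN") return "restricted";
  // Missing or unrecognised values, including the obsolete ALLOW-FROM, give no protection.
  return "frameable";
}

// Constructed sample responses (not taken from any real site).
const SAMPLES = {
  "login page, no headers": {},
  "legacy header only": { "x-frame-options": "sameorigin" },
  "csp deny": { "content-security-policy": "default-src 'self'; frame-ancestors 'none'" },
  "csp overrides xfo": {
    "x-frame-options": "DENY",
    "content-security-policy": "frame-ancestors https://partner.example",
  },
  "obsolete allow-from": { "x-frame-options": "ALLOW-FROM https://partner.example" },
};

// Run the classifier over every sample and return a name -> verdict map.
function auditSamples() {
  return Object.fromEntries(
    Object.entries(SAMPLES).map(([name, h]) => [name, framingPolicy(h)])
  );
}
```

Any page that accepts clicks or keystrokes and comes back as "frameable" is a candidate for the overlay technique described above.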
Social Engineering
Social Engineering refers to any strategy that tries to convince a user to give away secret information such as passwords, card numbers and confidential data. It can take the form of phishing sites, mentioned above, or fake letters from supposed CEOs or customers. This strategy is as effective as it is simple, and costs US businesses over $1 billion per year.
Are You Interested In Tackling Cyber Threats Head-On?
Learn how to recognize these threats and disarm them by training as a Cyber Security Engineer at Abco Technology.