Online Threats
A list of common threats you will face while surfing the world wide web.
Know Thy Self, Know Thy Enemy.
Sun Tzu
Ransomware:
Ransomware is a type of malware from cryptovirology that threatens to publish the victim’s personal data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called cryptoviral extortion. [ Wikipedia ]
Simply – When some prick locks up your computer and files so you can’t access anything. They will then ask you for Bitcoin or another cryptocurrency to unlock it. Enjoy that headache. It is never guaranteed that you will get your files back after payment.
Best practice is not to pay and take the loss.
{ Prevention: have offline backups }
Social Engineering:
In the context of information security, social engineering is the psychological manipulation of people into performing actions or divulging confidential information. This differs from social engineering within the social sciences, which does not concern the divulging of confidential information. [ Wikipedia ]
Simply – People manipulating people for personal gain….never! The idea is to trick you into giving away sensitive information. This can be used to guess passwords, security questions, gain personally identifiable information and/or gain insight into your company.
{ Prevention: don’t talk to people }
Phishing:
Phishing is a type of social engineering where an attacker sends a fraudulent message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious software on the victim’s infrastructure like ransomware. [ Wikipedia ]
Simply – It is the online version of street scammers trying to get you to pay for shit you don’t want. Instead of talking face to face, they are trying to trick you into clicking a link or downloading a file. They can screw you over again and again once they have what they want.
Spear phishing is when the person targeting you has done their research on you and is targeting you and only you. It is a more personalised attack unlike the blanket SMS/Email attacks that go to millions of people.
Backdoor:
A backdoor is a typically covert method of bypassing normal authentication or encryption in a computer, product, embedded device, or its embodiment. Backdoors are most often used for securing remote access to a computer, or obtaining access to plaintext in cryptographic systems. [ Wikipedia ]
Simply – It is a malicious piece of software that has been installed on your device and gives whoever controls it remote admin-level access to your device. It is like a secret entrance into your system or network.
Botnet:
A botnet is a number of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform Distributed Denial-of-Service attacks, steal data, send spam, and allow the attacker to access the device and its connection.
The owner can control the botnet using command and control software. The word “botnet” is a portmanteau of the words “robot” and “network”. The term is usually used with a negative or malicious connotation. [ Wikipedia ]
Simply – A massive collection of infected devices that are controlled by a single peanut. Usually used to overwhelm websites with traffic causing the website to crash.
Denial Of Service:
In computing, a denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network.
Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. [ Wikipedia ]
Simply – Attacks that take down or crash systems and networks by flooding them with requests. Like having 1000s of kids asking “is dinner ready?” 1000s of times while you try to cook.
Hacker:
A hacker is a person skilled in information technology who uses their technical knowledge to achieve a goal or overcome an obstacle, within a computerised system by non-standard means. [ Wikipedia ]
Simply – There are different types of hackers.
- White Hat – Use their skills to find issues in networks, software and help fix them.
- Grey Hat – Someone that does some good shit but peppered with some law breaking.
- Black Hat – They are up to no good.
Zero Day:
A zero-day is a computer-software vulnerability either unknown to those who should be interested in its mitigation or known and without a patch to correct it. Until the vulnerability is mitigated, hackers can exploit it to adversely affect programs, data, additional computers or a network. [ Wikipedia ]
Simply – This is a vulnerability in a product or software that the manufacturer is not aware of. Therefore, a fix is not being worked on. These security holes are valuable to governments and criminals.
Malware:
Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorised access to information or systems, deprive users access to information or which unknowingly interferes with the user’s computer security and privacy. [ Wikipedia ]
Simply – A file or program that is designed to cause harm. It comes in many forms, such as worms, trojan horses and ransomware.
Brute Force:
In cryptography, a brute-force attack consists of an attacker submitting many passwords or pass-phrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and pass-phrases until the correct one is found. Alternatively, the attacker can attempt to guess the key which is typically created from the password using a key derivation function. [ Wikipedia ]
Simply – A person or a computer will try to break into accounts by guessing usernames and passwords over and over again. This can be successful when using wordlists created from leaked passwords.
Try not to get overwhelmed by the number of threats. The goal is to build your own threat model: identify and prioritise the threats that apply to your individual circumstances. Keep it simple, stupid.
< feel free to contact me if you have another threat you want added to this list >
Thanks for your blog, nice to read. Do not stop.