A little insight to information security, cyber security and data privacy

Addis Software » A little insight to information security, cyber security and data privacy

12 mins read

The internet network,the means  for the US military computers to stay connected once,has morphed from military communication to a global one.

This huge network has now become the means of staying in touch with friends and family  overcoming the problems of geographical barriers.Not only that, it has now become a key driver for many businesses as they lay their  operational foundation on this huge network.

Using this  invention for basically anything makes the surfing of personal and highly confidential data  through it inevitable which  if not protected properly might cause a catastrophic result.

With so much happening through this huge network it is no surprise that a small section of technologically gifted chooses to exploit the more vulnerable among us.

What is cyber crime?

Cyber crime is as simple as a criminal activity or an infiltration that might happen on a computer or a networked device.

Network devices that are not well protected are prone to this crime. The same benefits such as easy communication,easy work flow,easy access to information and soon we gained from this invention is ironically what makes committing cyber crime more easier.

A cyber criminal might obtain your data illegally or might hack your device and use it to commit further crimes.

 Common methods

  • Malware

It refers to a software or a code that is designed to infiltrate,disrupt,damage or gain unauthorized access to computer systems,networks or devices.It comes in different forms like viruses,trojans,ransomware,worms,spyware and so on.once a malware is on your device a hacker might lock the computer system and cease its functionality,secretly sent data from your device,get access to the network device and more.

Types of malware

  • Viruses: Viruses are a type of malware that can self-replicate and spread from one computer to another by attaching themselves to legitimate files or programs. They can cause damage to files, corrupt data, and disrupt system functionality. 
  • Trojans: Trojans, named after the Trojan horse from Greek mythology, appear as legitimate software or files but contain hidden malicious code. Once activated, Trojans can perform various unauthorized actions, such as stealing sensitive information, providing remote access to attackers, or installing additional malware. 
  • Ransomware: Ransomware is a type of malware that encrypts a victim’s files or locks their computer system until a ransom is paid. It effectively holds the victim’s data or system hostage, causing financial loss and disruption to businesses and individuals. 
  • Worms: Worms are self-replicating malware that can spread rapidly across computer networks without requiring user interaction. They exploit vulnerabilities in systems and use network connections to infect other devices, causing network congestion and compromising the security of affected systems.

  • Phishing

Phishing is a type of cyber attack where attackers attempt to deceive individuals into revealing sensitive information such as password,credit card information or personal details by posing as a trustworthy entity.The attacker sends out message,often via email,that appears to be from a legitimate source.They might use social engineering techniques to create sense of urgency. 

There are different fishing techniques some of them are

  • Link spoofing

Attackers often employ deceptive tactics to trick users into clicking on malicious URLs. One common technique involves creating a fake URL that closely resembles a legitimate one, making it harder for users to notice any subtle differences. This increases the chances of users unknowingly clicking on the malicious link. While some users can easily spot manipulated links (such as the authentic URL thelegitbank.com versus the shady URL theleg1tbank.com), attackers also utilize homograph attacks. Homograph attacks exploit characters that have similar appearances, which can diminish the effectiveness of visually detecting malicious URLs.

  • Malicious and Covert Redirects

Attackers can employ redirects to compel a user’s browser to interact with an unintended website. Malicious redirects often occur on websites that users would typically or willingly visit, but they are then forcefully redirected to an undesired website controlled by the attacker. This redirection can be achieved through various means, such as compromising a website and inserting their own redirect code or exploiting existing vulnerabilities on the target website that enable forced redirects using specially crafted URLs.

  • Man in the middle attack

A MiTM attack is a type of cyber attack where an attacker intercepts and potentially alters communications between two parties who believe they are directly communicating between each other.The attacker possibly modifies the messages exchanged between the two parties without their knowledge.The attacker either sets up and sift through any data which is transferred on an unsecured public connection or  adds software to your machine which tracks all data you  transfer regardless of how private a connection is.

Some  of the  man in the middle attacks are 

  • ARP Spoofing

The Address Resolution Protocol (ARP) is utilized in local area networks to map IP addresses to physical MAC (media access control) addresses. When a host needs to communicate with another host using a specific IP address, it consults the ARP cache to resolve the IP address to its corresponding MAC address. If the MAC address is not known, an ARP request is sent to obtain the MAC address associated with the given IP. In a security context, an attacker can exploit ARP to impersonate another host by responding to ARP requests that it should not be responding to, providing its own MAC address instead. By strategically manipulating network packets, the attacker can intercept and eavesdrop on the private traffic exchanged between two hosts. This interception can yield valuable information, including the exchange of session tokens, potentially granting the attacker unauthorized access to application accounts that they should not have been able to access

  • DNS Spoofing 

DNS spoofing involves manipulating the DNS cache information to redirect a targeted host to a malicious host associated with a specific domain name. The attacker’s goal is to trick the victim into sending sensitive information to the malicious host, taking advantage of the victim’s belief that they are interacting with a trusted source.By introducing corrupted DNS cache information, the attacker deceives the victim’s host into resolving the domain name to an incorrect IP address. This manipulation leads the victim to establish a connection with the attacker’s host instead of the legitimate one

  • Distributed denial of service attack

A distributed denial of service(DDoS) attack is a type of cyber attack that aims to disrupt the normal functioning of a website,server or network by overwhelming it with a flood of

Illegitimate traffic.In DDoS attack,multiple compromised computers or devices,known as bots or zombies,are coordinated by the attacker to send a massive volume of requests or data to the target, rendering it inaccessible to legitimate users.

Types of  DDoS attacks are

  • System-targeted denial-of-service

These attacks primarily aim to hinder the functionality of targeted systems by exploiting vulnerabilities. One prevalent attack vector is resource depletion, where the attacker deliberately exhausts limited system resources such as memory, CPU, or disk space.one example is A SYN flood DDoS  in which an attacker rapidly initiates a connection to a server without finalizing the connection. The server has to spend resources waiting for half-opened connections, which can consume enough resources to make the system unresponsive to legitimate traffic.

  • Application-targeted denial-of-service

In these attacks, the existing behavior of the application is exploited to create a situation where the service is denied to legitimate users. There are different methods employed to achieve this goal

Attackers might generate requests that put excessive stress on a critical component of the application, such as a central database. This heightened load can hinder other users from accessing or utilizing the application as intended. Another approach involves exploiting vulnerabilities within the application. Attackers may trigger error conditions that lead to application crashes, rendering it unavailable to users.

  • SQL injection

SQL injection is a type of vulnerability that occurs when an attacker is able to manipulate  the input parameter of an application that interacts with database.By exploiting this vulnerability,the attacker can execute malicious SQL statements in the application database potentially gaining unauthorized access to data,altering data or event executing arbitrary commands on the running server.

SQL injection attacks can be carried out in a number of ways

  • Unsanitized Input

Unsanitized input is a common type of SQLi attack in which the attacker provides user input that isn’t properly sanitized for characters that should be escaped, and/or the input isn’t validated to be the type that is correct/expected

  • Blind SQL Injection

In this injection an attacker carefully analyzes indirect hints and behavior patterns. Various factors can serve as clues, depending on the attacker’s objectives. These include details present in HTTP responses, blank web pages triggered by specific user input, and the response time of the database to certain user input. By examining these clues, the attacker deduces information about the underlying database structure or content, allowing them to infer data indirectly. These insights can guide the attacker towards other potential avenues for SQL injection attacks to exploit

Cybercriminals will use all of these types of scamming techniques to get access to businesses’ most sensitive data.There are different motives and drives to commit a cyber crime.

Business financial details

  • This is the most common target of an attack, a company’s financial information is something it naturally wants to keep as private as possible.
  • Large social and reputational damage will happen if this kind of information falls to the hands of an attacker.

Customer financial detail and staff personal information

  • Similarly, a lot of organizations will store the sensitive data of their customers. This is especially true in the case of banks, betting websites or e-commerce stores. Allowing this information to leak could have an impact on the business’s own finances.
  • Since most businesses store their staffs personal information a scammer might attack to gain access to personal details

Intellectual property

  • If you possess any trade secrets or designs which are exclusive to your business, a motive might be to make a financial gain by securing unwarranted access to them.

But the concept of security is not only bound to the technical aspect of our world.Although implementing a cyber security attack protection measures can keep running businesses safe from disclosure of confidential  information,  smallest takeaways from exclusive business information might lead to unwanted results.

Some of them are 

  • Reputation Damage

Even the disclosure of seemingly small and exclusive information can tarnish the company’s reputation.Customers ,partners and stakeholders may lose trust in the company’s ability to protect sensitive information leading to a decline in customer confidence and potential damage to business relationships.

  • Competitive disadvantage

Exclusive information can provide competitors with insights to companies strategies,plans or upcoming product releases.This can erode the company’s competitive advantage and allow competitors to adjust their own strategies accordingly,potentially impacting market share and profitability.

  • Financial loses

Depending on the disclosed information the company might suffer financial losses.For example If the information  relates to financial performance,undisclosed mergers or acquisitions, or pending legal issues,it could affect stock prices,investor confidence or legal outcomes,resulting in direct financial implications.

  • Customer impact 

Exclusive information about customers,such as personal data or transaction details can harm customer trust.Customers might feel like their privacy has been compromised,leading to a loss of business and potential legal consequences.

To mitigate the impact of disclosed information a company must conduct  regular risk assessments and establish incident response plans to address potential breaches.Employees also must be educated on the importance of data confidentiality and implement a strong access control.A company also needs to establish legal and contractual safeguards to hold parties accountable for unauthorized disclosure.

  • Make your passwords as strong as possible
  • Implement security software which runs a deep scan for viruses
  • Review software employees use to remotely access your system and disable where necessary