Protect yourself, wherever you can…
In the past, various social media platforms have been hacked which involved leaking of data and confidential information of particular companies. Hacking into social media platforms does not require much technical knowledge, it is more of a psychological game. Social engineering uses persuasive psychological techniques to exploit the weakest link in information security system with a security question, recovery method, etc. In order to firmly defend ourselves, we need to have information about the opponent’s arms and ammunition-
- Footprinting: This is a method which conducts a target analysis, identification and discovery typically through the use of open source tools, this include, dumpster diving, social engineering and the use of utility such as website hacking, treasurers, pings, network lookups etc.
- Scanning: This step extracts information from footprinting and explores more data from it. This step includes pore scanning, operating system identification and determining whether or not a machine is accessible.
- Enumeration: This is a phase where the hacker further interrogates a specific server to determine an operating system’s software. It includes searching for network shared information, the specific version of the application running, user account, traffic and more.
- Network Mapping: This step is exactly as the name implies. Laying out an illustration of the target network, this includes taking all the resources, logs, target surveys, etc. to create a visualization of the target environment, this often looks different from the exploitative perspective.
- Gaining Access: This step is the exploitation process. This is about gaining access to a machine or network by the client’s side, insider threat, supply interdiction or remote exploitation opportunity, which can be conducted by spearphishing, device exploitation, and many more.
- Privilege Escalation: Depending on the exploitation opportunity, it is conducted in various different scenarios, where the hacker may need to escalate his privileges. It is conducted through local exploit opportunity in order to gain system-level privileges, the highest possible user.
- Post Exploitation: This step is a compilation of many steps and is dependent upon the objective of the mission. It includes any combination of target surveys and remote forensic analysis, cover track (cleaners), data collection, backdoor implant resistance, computer network attacks, delay target survey and more.
- Forensic Analysis: This step is to conduct analysis on the target machine for potential security mechanisms, fires or users which could either assist in obtaining the objective or harmed assessment. It basically analyses the target’s operating environment.
- Cover Tracks: This is the process of removing any forensic relevant residue that was left behind as a result of exploitation. This is one of the most important steps that the hacker can perform.
- Data Collection: The attacker is in the present to perform some activity, which involves extracting as much data as possible. Network traffic analysis is the key to this phase.
Common mistakes which you can avoid, save your data from being accessible or penetrable by hackers!
- Same password for multiple accounts: If the hacker hacks one of your accounts, all your other accounts are up for a toss. The hacker is likely to gain access to other accounts as well. It is recommended that you have different passwords for all your accounts, thereby not giving the hacker any sort of leverage.
- Short Passwords: When you use multiple passwords that are not complex, you expose yourself to the risks of attacks. It is the kind of attack when a hacker is using special software to hack your account.
- Using weak or no wireless encryption on your wireless network: If you have a wireless network in your home and that is not encrypted or using encryption then you are basically letting everyone to your internet connection. You are also helping potential hackers to enter your system. You might have your encryption turned on, but if it is outdated it will not help you anyhow. WEP can be cracked by most hacks, consider implementing WPA based encryption with a strong wireless network password.
- Using unknown flash drives: Backing up is important but be careful when inserting someone else’s flash drive or using it on your computer. External devices are risky to use and can be fooled with. Scan your device regularly for viruses to ensure that you are not a victim to hacking.
- Responding to Pop-up Messages and/or Unsolicited Emails: It is a quick rule to having your computer being infected. Treat such emails and messages with suspicion. Turn on your browser pop up blocking feature and consider using browser plugin such as nose clip to protect yourself.
- Answering phishing Emails: 80000 users fall for phishing scams every single day. Most email systems have spare filters to catch such spams, but always check the sender’s name and email.
- Using unpatched OS and Applications: The timely application of security patches is extremely important these days. Hackers and cybercriminals are relying on the fact that many of their potential victims likely have unpatched vulnerabilities present on their system. Hackers will exploit these vulnerabilities to gain entrance into the victim’s system. These attacks can be prevented if the user keeps his system up to date with the latest available security patches.
- Using Public Wifi: Do not use any public wifi to access your personal information. These networks are not secure and can be a trap. As soon as connect to the wifi, you could be given a hacker accessed password which would harm your system and give easy access to the hacker.
- Turning off Security Features: People might disable their firewall to access a particular application, rather than troubleshooting the problem. They might forget to turn the firewall back on after they have finished working on that particular application. Anti-virus application is another application that frequently gets turned off, some people think it would boost their computer’s performance or another resource intensive application. This feature secures your computer and data.
- Mistakes by Web Developers: Developing their own security methods which might be flawed and vulnerable, moreover discoverable by hackers. Focusing on companies and not the overall system, adding security at the end of development. Storing data and passwords unencrypted in the database.