Network Security
The two computer security incidents I will go over in detail are phishing and social engineering, which go hand in hand because phishing is a type of social engineering.
Phishing
“Phishing is a type of Internet scam that tempts users into divulging private information like passwords or credit card numbers, according to chapter 8. The word comes from "fishing," which involves putting out bait and waiting for a fish to bite.” (Vahid, F., & Lysecky, S., 2019) Phishing is the most common form of social engineering because it is simpler to trick people who don't pay attention to the small details or warning signs. The purpose of phishing scams is to frighten or pressure the victim into making a hasty decision.
Social engineering
As mentioned in the Imperva blog, social engineering covers malicious activities carried out through human interactions. It uses psychological trickery to deceive users into divulging critical information or breaking security rules. (Imperva, 2021) Many forms of social engineering exist. Baiting, scareware, and phishing are only a few examples of social engineering, which is simply a broad term.
Phishing: Computers are exposed to this threat when the attacker sends the victim or target an email link or pop-up message that contains ransomware or malware that could grant the attacker access and control.
Social engineering: Social engineering has a greater impact because victim information is used and compromised; however, some computer systems may also be impacted through software and operating system weaknesses. The goal of a social engineering attack is to coerce the victim into providing private and sensitive information so that the attacker can use it to access or hack the system.
Phishing: Phishing relies on appearing trustworthy so that victims fall for it more easily. Phishing can cause the corporation, person, or business to lose sensitive information to an unauthorized third party, which could be harmful to the target. It might cause the target to lose money or place them in a position where the information might be used unlawfully. Because of this, phishing harms you by collecting information and installing malicious software that can lock up your data or be used as ransomware.
Social engineering: After gaining the victim's confidence, the attacker exploits that information as a point of entry into the system. The attacker would next search for weak points of entry and lax security protocols necessary to carry out the attack, according to the Imperva blog. The attacker then makes an effort to win over the victim's trust and offer incentives for later security-breaking activities, such as disclosing confidential information or allowing access to essential assets. (Imperva, 2021) Such damages could include extortion threats by the attacker to expose private information if money is not paid, or the attacker taking down the system and stopping all operations.
Phishing: I have two recommendations to protect against phishing attacks. The first is to use the company's multi-factor authentication (I believe Microsoft has one as well), which grants access to your account only with a one-time text or code. This makes it more difficult for hackers to obtain your password and other information. The second is to avoid opening emails and attachments from unreliable sources and to always verify the sender and source. Go over the email for typos or digits that could pass for letters. Adjust the settings on your spam filter as well.
Social engineering: My first recommendation is that businesses hold staff cybersecurity awareness training once a year to keep it current for everyone. This will help safeguard employees from social engineering. My second recommendation is to keep antivirus/antimalware software up to date. Don't use the same password more than once, and change it every six months.
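The sender check recommended above (verify the sender, and look for typos or digits that could pass for letters) can be partly automated. The following is an added example, not part of the original post; the trusted-domain list, the look-alike table, and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list of domains the organisation really deals with (assumption).
TRUSTED_DOMAINS = {"microsoft.com", "example-bank.com"}
# Digits that are commonly used to stand in for letters.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def skeleton(domain):
    """Fold look-alike characters so 'micr0soft' and 'rnicrosoft' compare equal to 'microsoft'."""
    return domain.translate(LOOKALIKES).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, used to catch single-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return (verdict, detail); verdict is 'trusted', 'lookalike' or 'unknown'."""
    _, address = parseaddr(from_header)
    if "@" not in address:
        return ("unknown", "no sender address found")
    domain = address.rpartition("@")[2].lower()
    for trusted in sorted(TRUSTED_DOMAINS):
        if domain == trusted or domain.endswith("." + trusted):
            return ("trusted", domain)
    for trusted in sorted(TRUSTED_DOMAINS):
        if skeleton(domain) == skeleton(trusted):
            return ("lookalike", f"{domain} imitates {trusted} with look-alike characters")
        if edit_distance(domain, trusted) == 1:
            return ("lookalike", f"{domain} is one character away from {trusted}")
    return ("unknown", domain)

# Constructed sample From headers, not taken from real mail.
SAMPLES = [
    "Microsoft Account Team <security@microsoft.com>",
    "Microsoft Account Team <security@micr0soft.com>",
    "Example Bank <alerts@example-bamk.com>",
    "Newsletter <news@unrelated.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header))
```

A "lookalike" verdict is a reason to quarantine the message or warn the reader; an "unknown" verdict only means the domain is not on the allow-list.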
References
Fortinet. (2022, March 8). Ping of death. https://www.fortinet.com/resources/cyberglossary/ping-of-death
Imperva. (2021, August 8). Ping of Death (POD). https://www.imperva.com/learn/ddos/ping-of-death/
Imperva. (2021, May 5). Social engineering. https://www.imperva.com/learn/application-security/social-engineering-attack/#:~:text=Social%20engineering%20is%20the%20term,or%20giving%20away%20sensitive%20information
Vahid, F., & Lysecky, S. (2019). Computing technology for all. zyBooks.