Protecting and defending against cyber-attacks has become a vital
concern of both business and home computer users over the past decade as
Internet services, social media, and the Internet of Things, or IoT, have taken
hold. Three types of security incidents
in the forefront are denial of service attack, phishing email, and password
cracking.
Denial of Service
A denial of service or dynamic denial of service attack leverages Internet Protocols to send large amounts of packets and data at web sites, home routers, or other systems on the Internet with the intent of impacting their usage. Sometimes these Internet protocols are forms of ICMP traffic, like ping. By sending the large size and volume of packets at the system, the attacker can crash services, or prevent others from accessing the service. Systems are vulnerable to this type of attack because they need to accept traffic to provide their services. Deploying firewalls to limit or prevent traffic could be used to protect against this attack (CISA, 2019).
Phishing Emails
Another source of attacks is through a phishing email. Phishing emails are designed by attackers to look legitimate, either by playing on the emotions of the recipient. A form of phishing email called whaling specifically targets individuals using social media with the intent to extract financial gains from the target. A phishing email can provide attachments or links to other web sites within the email that either ask the user to log in or download malicious content like ransomware. Once the attacker has either obtain the user name and password of the recipient, they will attempt to login to other Internet services like banking websites. Educating users to see the indicators of a phishing email, like odd email addresses, broken English, or a sense of urgency, the email attempts to solicit assist in prevention. Besides user education, using an email service that filters and detects phishing emails will stop efforts. Finally, protecting your computer with antivirus software will prevent malicious software from installing or executing on the computer (Fruhlinger, 2020). Finally, password cracking or credential stuffing is another.
Password Cracking
Credential stuffing is the act of programmatically attempting to determine the password of a user account. This type of attack can be carried out quickly, especially when weak passwords are allowed. Protections like alerting on failed logins, end-users education about strong passwords, and using multi-factor authentication. With the rapidly increasing threats the Internet poses, it is critical for businesses and home users to stay informed and implement commonsense protections of their systems and data.
Denial of Service
A denial of service or dynamic denial of service attack leverages Internet Protocols to send large amounts of packets and data at web sites, home routers, or other systems on the Internet with the intent of impacting their usage. Sometimes these Internet protocols are forms of ICMP traffic, like ping. By sending the large size and volume of packets at the system, the attacker can crash services, or prevent others from accessing the service. Systems are vulnerable to this type of attack because they need to accept traffic to provide their services. Deploying firewalls to limit or prevent traffic could be used to protect against this attack (CISA, 2019).
Phishing Emails
Another source of attacks is through a phishing email. Phishing emails are designed by attackers to look legitimate, either by playing on the emotions of the recipient. A form of phishing email called whaling specifically targets individuals using social media with the intent to extract financial gains from the target. A phishing email can provide attachments or links to other web sites within the email that either ask the user to log in or download malicious content like ransomware. Once the attacker has either obtain the user name and password of the recipient, they will attempt to login to other Internet services like banking websites. Educating users to see the indicators of a phishing email, like odd email addresses, broken English, or a sense of urgency, the email attempts to solicit assist in prevention. Besides user education, using an email service that filters and detects phishing emails will stop efforts. Finally, protecting your computer with antivirus software will prevent malicious software from installing or executing on the computer (Fruhlinger, 2020). Finally, password cracking or credential stuffing is another.
Password Cracking
Credential stuffing is the act of programmatically attempting to determine the password of a user account. This type of attack can be carried out quickly, especially when weak passwords are allowed. Protections like alerting on failed logins, end-users education about strong passwords, and using multi-factor authentication. With the rapidly increasing threats the Internet poses, it is critical for businesses and home users to stay informed and implement commonsense protections of their systems and data.
CISA. (2019, Nov). Understanding
Denial-of-Service Attacks. CISA- Department of Homeland Security. Retrieved
from https://www.us-cert.gov/ncas/tips/ST04-015
Fruhlinger, Josh (2020, Feb). What is phishing?
How this cyber attack works and how to prevent it. CSO. Retrieved from https://www.csoonline.com/article/2117843/what-is-phishing-how-this-cyber-attack-works-and-how-to-prevent-it.html
Vahid, F., & Lysecky, S. (2017). Computing
technology for all. Retrieved from zybooks.zyante.com/