The number of crimes on the Internet and cyber attacks to computers of users grows every new year, however in most cases criminals use methods already known to all from which it is possible to be protected. How to be protected from cyber attacks?
Cyber attack: definition and types
Cyber attack is a purposeful way to steal to compromise or break work of OS on purpose both to put the PC out of action, and to steal data. It is possible to divide cyber attacks to three views:
- Harmless (relatively). These are such attacks which do not cause to the computer any damage. It can be implementation of spyware for collection of information or other programs. The point is that the person will not know that the computer is infected.
- These are those cyber attacks which actions are directed to violation of work both computers, and computer systems. Virus software in overwhelming quantity of cases tries in all ways to sabotage operation of the PC, that is to destroy data, to cipher them, to break OS, to reboot , etc. The final result — extortion and loss of both revenues, and time.
- The most dangerous type of cyber attacks at which municipal and public services become the victims. Such attacks are directed to certain structures whose malfunctions in work can weaken or destroy infrastructure of the state.
The most popular attacks of hackers and ways of protection
Viruses and extortioners
In most cases a virus for the PC call any software if it brings to the computer and its owner. In most cases the virus can develop at the person after it opens the file sent by mail will follow the link to the unprotected website or will make other similar actions.
Viruses extortioners are the special viruses capable in case of infection to encrypt, block or alter the important system and user websites. At the same time it is possible to unblock a virus and to nullify its actions after password entry or after medicine installation. But, as the virus is an extortioner, the user will be able to cope with it (if there is no other way) only after money transfer.
It is very simple to be protected from such viruses — it is necessary to have an antivirus on the computer, not to follow the unfamiliar links and not to download suspicious files.
PUP or potentially undesirable program
PUP software or potentially undesirable software is spy programs, trojans and advertizing viruses. In most cases all this is in one form or another installed together with the useful program loaded by the user.
There is a lot of opportunities at PUP software, beginning from record keyed and scannings of files, and finishing with data scanning and reading cookie-files.
For protection against similar threats to the user it is not recommended to install or load applications and expansions for the browser, especially if software is located on an unreliable web resource. Also at installation of any program it is important to check the hidden ticks and to use advanced options of installation.
Phishing
The phishing is one of ways of cracking at which e-mails are used. Rather old way within which the user is tried to be deceived and, through deception or requests, to obtain from it data of the login and the password from the websites or services. Letters at a phishing can be both non-registered, and presented in the form of official access from bank or from the familiar person.
Protection too simple — is enough to give nobody data of the login and the password from something at all and to install the program for protection of e-mail for verification of letters on spam. It is also possible where it is possible, to install multifactor authentication (at which after input of the login/password it is necessary to enter the code, a confidential word or the number got by SMS).
Cracking of accounts
Hackers can get full access to any account of the person, especially when using "frontal attack" at which special software just touches various couples of login/password.
As the program is engaged in such work, it is necessary to configure blocking of the account after some incorrectly entered password. And still it is possible to use protection against robots, that is the reCAPTCHA system.
The outdate or not updated software
And it is already eternal problem — many hackers for data acquisition or input of viruses in someone else's computer use any available vulnerabilities both in web applications, and in system programs. As an example it is possible to remember the Equifax company which had Apache Struts web framework. It was not updated in time that became the reason of theft of 143 million social security numbers (and it, for a minute, the taxpayer identification number as our INN). Also data of the addresses, credit cards and driver's licenses were stolen. And all because it was not hardwired in time it is updated.
Not to fall a victim of hackers, it is necessary to update the protective software or to download the program focused on search of vulnerabilities in other programs and in the operating system in general.
SQL implementation
SQL is the programming language used for communication with databases. Many servers on which are stored important content for websites use SQL for data management in the bases. SQL implementation is the cyber attack which is specially aimed at such server. Using a malicious code, hackers try to interact with the data which are stored on it. It is especially problematic if the server stores information on private clients from the website, such as credit card numbers, user names and passwords (credentials) or other personal information.
XSS or mezhsaytovy skripting
The attack of this kind is based on the placement of the virus code on the website. This code will be started right after the user appears on the website, and the hacker will be able to obtain, thanks to its action, the data entered by the user on this website.
Here the blocking expansions and updates of the browser at which the browser itself will scan the website will help and to warn the user about danger of an Internet resource.
DdoS attack
DdoS is the type of cyber attack extended today at which the huge number of requests for a short period of time is sent for a certain resource (resource server). As a result, at the server it is impossible to cope with such number of incoming requests because of what it begins to brake and be switched off strongly. Hackers for good DdoS of the attack use the special computers zombies integrated for the maximum number of requests in a botnet.
Strategy of protection against cyber attacks
There are several important councils which will minimize cyber attack probability:
- On the computer the antivirus software and a firewall should be always started.
- Software and the operating system need to be updated in process of emergence of official updates.
- If the letter from the stranger came and in this letter there are attached files, you should not open them.
- If the Internet source is unknown, it is not recommended to download or copy from it the program, and precisely is not necessary this program to start.
- Setting passwords on any Internet resources, it is worth making their minimum of 8 characters, and it should be capital and lowercase letters and also punctuation marks and digits.
- It is not necessary to use one, even difficult, the password for all websites.
- Reliable firms and the websites have differ from fraudulent in existence of the encrypted pages with the address of a view https ….
- If the computer or phone were connected to Wi-Fi without password, you should not enter any the Internet resources.
- All important files and documents should be copied to the place reliable and unavailable to others where there is no communication with the Internet.
All this banal and simple, but very effective councils which should be applied already today.
Instead of the conclusion
Practically all vulnerabilities in the computer are created by users therefore the only thing that needs to be made is to follow simple safety rules of data for the Internet and to update the antivirus software.
Of course, computers of ordinary users do not belong to objects of prosecution of hackers (what you will not tell about bank and state Internet resources with data of several million users), however it does not mean that some cybercriminal will not want to crack them.