Demystifying hacking attacks

Rakesh Thatha, ArrayShield

Many organizations protect their infrastructure with a simple username and password. Entering this information grants access to the organization's sensitive data held in servers, databases, applications, email accounts, and elsewhere. But it is widely acknowledged by information security experts that passwords are notoriously insecure. Many users choose weak passwords which can be easily guessed or cracked. When password policies are enforced, users end up noting down their passwords on Post-It notes, mobiles, email or on their laptops, which is a serious security vulnerability.

In a nutshell, passwords are not sufficient for protecting an organization's data, as:
– Easy passwords can be cracked
– Random passwords can't be remembered
– The same passwords are used in multiple places
– Passwords that need to be continuously changed are not user-friendly

We are all aware that carelessness with passwords has resulted in organizations of all sizes, including Fortune 500 companies and governments, suffering multiple hacking attacks. This is a cause for concern when you consider that the estimated cost of a data breach has reached $6.6 million.

Additionally, government regulations such as Sarbanes-Oxley, the PCI Data Security Standard, US Data Breach Notification Laws and others have been put in place to protect access to corporate networks.

Failure to meet requirements that call for the implementation of two-factor authentication could result in regulatory fines and irreversible damage to a brand’s reputation.

To understand more about hacking attacks, let us take a look at the various hacking vectors that compromise traditional authentication mechanisms.

Keyloggers: Keyloggers are applications or hardware devices that monitor a user's keystrokes and send this information back to the malicious user over the internet. Hardware keyloggers are small inline devices placed between the keyboard and the computer. The other kind are software keyloggers, also referred to as spyware. Spyware usually gets onto the computer through banner-ad-based software, where the user is enticed to install the software for free.

Real-time replay attack: Malware sits inside a user’s browser and waits for the user to log into a bank. During login, the malware copies the user’s ID, password and OTP, sends them to the attacker and stops the browser from sending the login request to the bank’s website, telling the user that the service is “temporarily unavailable.” The fraudster immediately uses the User ID, password and OTP to log in and drain the user’s accounts.

Man in the browser attack: Malware overwrites transactions sent by a user to the online banking website with the criminal’s own transactions. This overwrite happens behind the scenes so that the user does not see the revised transaction values. This way, neither the user nor the bank realizes that the data sent to the bank has been altered.
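The two attacks above both exploit the fact that a plain OTP proves only that the user is present, not what the user intended to do. The added example below (not code from the article or from ArrayShield) shows the usual countermeasure: an OTP bound to a bank-issued nonce and to the payee and amount the user confirms on a separate device, so a replayed OTP fails on nonce reuse and a transaction altered in the browser fails the HMAC check. The shared secret, the HMAC-SHA256 derivation and the truncation scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed demo secret shared by the bank and the user's token (provisioned out of band).
SHARED_SECRET = b"constructed-demo-secret-do-not-reuse"


def transaction_otp(secret: bytes, nonce: int, payee: str, amount_cents: int, digits: int = 8) -> str:
    """OTP bound to one transaction: HMAC-SHA256 over nonce, payee and amount, truncated to digits."""
    msg = struct.pack(">Q", nonce) + payee.encode() + b"|" + struct.pack(">Q", amount_cents)
    mac = hmac.new(secret, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 style (assumed here)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


class BankVerifier:
    """Bank side: one fresh nonce per transaction; a nonce is consumed by any attempt, success or not."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._open = set()   # nonces issued but not yet consumed
        self._counter = 0

    def start_transaction(self) -> int:
        self._counter += 1
        self._open.add(self._counter)
        return self._counter

    def submit(self, nonce: int, payee: str, amount_cents: int, otp: str) -> bool:
        if nonce not in self._open:
            return False          # unknown challenge or replay of an already-used nonce
        self._open.discard(nonce)  # consume first, so a wrong guess cannot be retried
        expected = transaction_otp(self._secret, nonce, payee, amount_cents)
        return hmac.compare_digest(expected, otp)


if __name__ == "__main__":
    bank = BankVerifier(SHARED_SECRET)
    n = bank.start_transaction()
    otp = transaction_otp(SHARED_SECRET, n, "ACME-001", 10000)   # user confirms ACME-001, 100.00
    print("MitB-altered payee accepted?", bank.submit(n, "MULE-999", 10000, otp))
```
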

Phishing: The attacker targets users and fools them into entering their credentials into a fake web site. This usually occurs when a criminal sends an email impersonating a customer service organization and asks recipients to click on a URL to perform account maintenance or verification. The link takes them to a fraudulent site, which prompts them for their valid credentials.

Pharming: The attacker poisons the DNS server and redirects users to the fraudulent web site. Users do not suspect anything because the redirect happens even when the user selects the web site from a saved favorite or actually types in the correct URL.

Shoulder surfing: Shoulder surfing is looking over someone's shoulder to get information about their identity. It is an effective way to get information in crowded places because it is easy to stand next to someone and watch as they fill out a form. Shoulder surfing is a serious problem both when the user types the password directly and when the user enters it through a virtual keyboard; in the virtual keyboard case it is relatively easy for the attacker to see the mouse clicks on the screen.

Guessing: Guessing is the simplest attack a hacker can mount on a user authentication system. One of the main problems with the username-password system is the selection of the password itself. Studies show that users tend to pick passwords which are short and easy to remember. It is often very easy to break a user's password if personal information about him or her is known, and more often than not that information is widely known.

Social engineering: Social engineering is the act of manipulating people into revealing their private details, rather than breaking in or using technical cracking techniques. Examples include accessing the user's social media accounts, or calling them on the phone to learn more about the user's personal details and possibly their authentication credentials.

Brute-force attack: In a brute-force attack, an intruder or hacker tries all possible combinations to crack the user's secret. The hacker performs an exhaustive search over the complete space to find the user's secret.

Dictionary attack: A dictionary attack is an improved version of the brute-force attack. In a dictionary attack, instead of searching all possible combinations, the hacker searches only the possibilities most likely to be selected by the user.

As we see, all of the above scenarios make it very difficult for organizations to keep their sensitive data out of the hands of hackers and competitors. Hence, security experts worldwide recommend strong two-factor authentication to protect organizations' assets. The same is also recommended by various compliance standards and certifications such as PCI-DSS, HIPAA, SAS 70, ISO 27001 and others. Only if organizations implement these recommendations will they be able to keep hackers at bay.

The author, Rakesh Thatha, is Co-Founder & CTO at ArrayShield Technologies. Rakesh’s Twitter handle is @rakeshthatha
