It’s no secret that your data is a hot commodity. Each day sophisticated cybercriminals attempt to make money by stealing your private information to pose as you, blackmail you, or simply sell your information to someone else who will. If you want to stay in business, you’ll need to be able to thwart these attempts. But to do so, you must understand the increasingly advanced methods hackers use. In this two-part article, we’ll examine the techniques hackers are currently utilizing to try and gain access to your sensitive data.
The fact that hackers might simply guess your passwords probably seems painfully obvious, but the hard truth is that many companies still lack proper password management. If your password is a series of common words, a dictionary attack can use algorithms to cycle through a word database and quickly discover your chosen phrase.
Simply adding some numbers won’t be enough either, as hackers can up the ante with a brute force attack which allows them, with some additional computing power, to cycle through alpha-numeric combinations until they strike gold.
Even when passwords are hashed, or turned into a different string of text to guard against hackers cracking all the passwords in a database, they can still be broken. The most determined and well-equipped hackers can use a form of attack that rebuilds the password, called a rainbow table attack, which can cause hashed passwords to become defenseless. In this type of attack, pre-computed tables are used to recover hashed passwords and reverse them to reduce guessing time and discover complex passwords.
To prevent these, you’ll need to create unique passwords that are more than ten characters long and have a mix of numbers, lowercase and uppercase letters, and symbols for each account. One popular trick for this is to think of a phrase and codify it. For example, “Cousin Greg lives in Seattle” becomes “C0u$iNGr3gLiV3SinS3ATtLE”.
Additionally, you should use multi-factor authentication (MFA) whenever possible. Many services such as Office 365, Facebook, and Google, offer MFA options in their settings. Simply navigating to the settings and opting for the MFA feature is the best way to make sure your password isn’t the only thing standing between an attacker and access to your accounts.
One of the most common methods of data hacking, phishing scams are so effective, they’ve produced many high-profile data breaches including the hacking of Clinton campaign chairman John Podesta, who unknowingly gave up his Gmail password, and Snapchat, where an employee gave up payroll information that led to widespread identity theft.
In a phishing scheme, disguised e-mails are used to lure the recipient into a trap. Posing as a trusted source, such as someone you do business with, your bank, or your email provider, hackers trick you into providing them information directly, clicking a link that leads you to a fake site, or downloading an attachment that then allows them access to your system. One of the oldest tricks in the book, phishing is an evergreen technique that is continuously being re-invented in order to become harder to spot.
The best way to not get hooked in by a phishing scam is to study the way they are being used and stay vigilant. Make sure to check the spelling of URLs in email links and watch out for URL redirects , or being forwarded to a different URL than the one you clicked. Keep your browsers up-to-date to ensure you have the most recent security patches and install anti-phishing toolbars on your browser that can run checks on sites you visit and compare them to a database of known phishing sites. And, of course, never give out personal information over email.
These are two of the most popular ways attackers attempt to gain access to your system, and stay tuned for Part 2 of this article as we dive into three more sophisticated methods cyber attackers are currently using. Concerned you’re not as safe as you thought? Contact Longleaf immediately. Our cybersecurity professionals have the expertise to make sure you’re one step ahead of the latest tricks, scams, and hacks that could threaten your business.