8 Most Common Cybersecurity Threats | Types of Cyber Attacks | Cybersecurity for Beginners | Edureka
Summary
TLDRThis video script by Aria delves into the realm of cybersecurity threats, outlining eight common types including malware, phishing, password attacks, DDoS, man-in-the-middle, drive-by downloads, malvertising, and rogue software. It provides insights into how these threats operate and offers practical advice on prevention, emphasizing the importance of security measures, software updates, and user vigilance to safeguard against the ever-evolving landscape of cyber attacks.
Takeaways
- 😷 Cybersecurity threats are a modern consequence of increased internet connectivity, similar to how pollution arose from the Industrial Revolution.
- 🔒 Malware is an umbrella term for various cyber attacks, including viruses, Trojans, worms, and botnets, which aim to steal data or damage systems.
- 🛡️ Prevention of malware involves avoiding suspicious links and attachments, using updated firewalls, and keeping operating systems current with security patches.
- 🎣 Phishing attacks deceive users into revealing personal information through emails that appear to come from trusted sources but are actually fraudulent.
- 🕵️♂️ Identifying phishing emails can be done by scrutinizing the sender's address, the content's tone, and hovering over links to reveal their true destination.
- 🗝️ Password attacks involve methods like brute force, dictionary attacks, and keyloggers to gain unauthorized access to user accounts.
- 🔄 Regularly updating passwords, using complex combinations, and avoiding common dictionary words can strengthen security against password attacks.
- 🚫 DDoS (Distributed Denial of Service) attacks overwhelm networks with traffic, rendering them inoperable, and can be mitigated by monitoring traffic and maintaining system security.
- 🕴️ Man-in-the-middle attacks intercept data transfers by impersonating both parties in a communication, highlighting the need for encrypted connections.
- 🌐 Drive-by downloads occur when visiting a compromised website can automatically infect a device without user interaction, emphasizing the importance of updated software and cautious browsing.
- 📰 Malvertising involves malware hidden in seemingly normal ads, which can be countered by using ad blockers and maintaining vigilance against suspicious online ads.
- 🤖 Rogue security software tricks users into installing fake antivirus programs that claim to find threats, which can be prevented by skepticism and reliable security measures.
Q & A
What is the relationship between the Industrial Revolution and the current cybersecurity landscape?
-The Industrial Revolution introduced pollution as a byproduct, similarly, the increased Internet connectivity has led to many security vulnerabilities, which in turn has given rise to various cyber attacks exploiting those vulnerabilities.
What is the purpose of the 'Threat Cloud' site mentioned in the script?
-The 'Threat Cloud' site is a platform that visualizes real-time cyber attacks happening globally, showing compromised areas in red and the origin of attacks in yellow, helping users understand the scale and scope of ongoing cyber threats.
What are the eight common cybersecurity threats discussed in the script?
-The script discusses malware, phishing, password attacks, DDoS attacks, man-in-the-middle attacks, drive-by downloads, malvertising, and rogue software as the eight common cybersecurity threats.
What is malware and how does it function?
-Malware is an encompassing term for various cyber attacks, including Trojans, viruses, and worms. It is code with malicious intent, typically designed to steal data or destroy something on the computer. Malware can function in different ways, such as viruses attaching to clean files, Trojans disguising as legitimate software, worms spreading through networks, and botnets working under an attacker's control.
How can individuals and businesses protect themselves against malware?
-Protection against malware involves avoiding clicking on unknown links or downloading attachments from untrusted sources, deploying a robust and updated firewall, and ensuring the computer's operating system is up-to-date with the latest security patches.
What is phishing and how has it evolved?
-Phishing is a cyber attack that often poses as a request for data from a trusted third party, sent via email, asking users to click on a link and enter their personal data. It has evolved to become more sophisticated, making it difficult for users to discern legitimate requests from false ones.
What steps are involved in a phishing attack?
-A phishing attack involves planning, setup, execution, recording of victim-entered information, and identity theft/fraud. The attacker decides on a target, gathers email addresses, creates methods for message delivery and data collection, sends the deceptive message, records the entered data, and uses it for illegal activities.
How can users protect themselves from phishing attacks?
-Users can protect themselves from phishing by being aware of how phishing emails work, checking the sender's email address, hovering over links to see where they redirect, and reporting suspicious emails to administrators.
What are the different types of password attacks?
-There are three common types of password attacks: brute-force attacks, which try possible password combinations systematically; dictionary attacks, which use common words or variations; and keylogger attacks, which record all keystrokes to capture login credentials.
What is a DDoS attack and how does it work?
-A DDoS (Distributed Denial of Service) attack is an attempt to disrupt the service to a network by overwhelming it with traffic. Attackers use multiple computers to send a high volume of data, overloading the system until it can no longer function.
How can organizations prevent DDoS attacks?
-Organizations can prevent DDoS attacks by keeping their systems secure with regular software updates, monitoring online security and data flow for unusual traffic spikes, and ensuring physical security of network connections.
What is a man-in-the-middle attack and how can it be prevented?
-A man-in-the-middle attack is when a hacker impersonates both parties in a communication to intercept sensitive data. It can be prevented by using encrypted wireless access points, checking the security of connections, and using a virtual private network (VPN).
What is drive-by downloading and how can it be avoided?
-Drive-by downloading is when malicious code is unintentionally downloaded onto a device just by visiting a compromised webpage, without the need for user interaction. It can be avoided by not visiting suspicious websites, keeping the browser and operating system updated, using safe search protocols, and employing comprehensive security software.
What is malvertising and how can users protect themselves from it?
-Malvertising is the practice of injecting malware into seemingly normal advertisements. Users can protect themselves by using ad blockers, keeping their browser and related software updated, and exercising caution when encountering suspicious ads.
What is rogue software and how can it be prevented?
-Rogue software is a type of scareware that tricks users into believing their computer is infected and prompts them to pay for a fake malware removal tool. Prevention includes having an updated firewall, using trusted antivirus or anti-spyware software, and maintaining a general level of skepticism on the internet.
Outlines
🔒 Introduction to Cybersecurity Threats
The video script introduces the concept of cybersecurity threats as a modern-day consequence of increased internet connectivity, similar to how pollution arose from the Industrial Revolution. The presenter, Aria, outlines the session's structure, which includes an examination of eight common cybersecurity threats and strategies to mitigate them. Aria also demonstrates the real-time nature of cyber attacks using the 'Threat Cloud' website, emphasizing the ubiquity and immediacy of these threats.
🐴 Understanding Malware and Its Impact
This paragraph delves into the specifics of malware, an umbrella term for various cyber attacks like Trojans, viruses, and worms. Malware is defined as malicious code designed to steal data or cause damage to computer systems. The paragraph explains how different types of malware operate, including viruses that infect clean files, Trojans that disguise themselves as legitimate software, worms that propagate through networks, and botnets that coordinate infected machines. Strategies to combat malware include avoiding suspicious links and attachments, deploying robust firewalls, and keeping operating systems and software up to date with the latest security patches.
🎣 Phishing Attacks: Deception and Identity Theft
Phishing is the focus of this paragraph, which describes it as a sophisticated method of cyber attack where fraudsters impersonate trusted entities to trick users into revealing sensitive information. The paragraph outlines the five steps of a phishing scam, from planning to execution, and the subsequent identity theft and fraud. Aria provides tips to identify phishing attempts, such as inspecting email addresses and hovering over links to reveal their true destination. A demonstration of a phishing attack is also included, showing how easily users can be deceived into entering their credentials on a fake website.
🔑 Password Attacks: Techniques and Prevention
The paragraph discusses password attacks, where hackers attempt to obtain or decrypt user passwords for unauthorized access. It describes three common methods: brute-force attacks that systematically guess passwords, dictionary attacks that use common words, and keylogger attacks that record keystrokes. The paragraph emphasizes the importance of best practices for password security, such as regular updates, using complex combinations of characters, and avoiding dictionary words to enhance protection against such attacks.
📡 DDoS and DoS Attacks: Disrupting Services
This paragraph explains Distributed Denial of Service (DDoS) and Denial of Service (DoS) attacks, which aim to overwhelm a network with traffic, rendering it non-functional. It details how attackers use multiple computers to flood a system with data and the potential consequences of such attacks, including severe legal repercussions. Prevention strategies include maintaining system security with updates, monitoring data flow for unusual traffic, and ensuring physical connections to the internet are secure.
🕵️♂️ Man-in-the-Middle Attacks: Intercepting Communications
Man-in-the-Middle (MITM) attacks are the subject of this paragraph, which describes how attackers impersonate both parties in a communication to intercept sensitive data. The paragraph discusses how MITM attacks exploit unencrypted wireless access points and manipulate address resolution protocols. Prevention measures include using encrypted wireless access points, verifying connection security, and employing a Virtual Private Network (VPN) to safeguard internet browsing.
🚗 Drive-by Downloads: Unintentional Malware Infections
Drive-by downloads are explored in this paragraph, highlighting how simply visiting a compromised website can lead to the unintentional downloading of malware. The paragraph explains the technical process behind these downloads and offers advice on avoiding them, such as staying away from suspicious websites, keeping browsers and operating systems updated, and using security software to protect devices.
📰 Malvertising: The Threat of Criminal Ads
Malvertising, or malicious advertising, is the focus of this paragraph, which describes how criminals use seemingly normal ads to infect users with malware. The paragraph explains the technical sophistication behind malvertising and the simplicity of its presentation to the user. It advises using ad blockers, keeping software updated, and exercising caution when encountering suspicious ads to prevent infection.
🛡 Rogue Security Software: The Scam of Fake Antivirus
The final paragraph addresses rogue security software, a type of scareware that tricks users into believing their computer is infected and prompts them to pay for a fake malware removal tool. The paragraph outlines the tactics used by rogue software, such as deceptive ads, pop-ups, and manipulated search engine results. Prevention strategies include having an updated firewall, installing trusted antivirus software, and maintaining a general level of skepticism when encountering unsolicited warnings or offers online.
Mindmap
Keywords
💡Cybersecurity Threats
💡Malware
💡Phishing
💡Password Attack
💡DDoS Attack
💡Man-in-the-Middle Attack
💡Drive-by Downloads
💡Malvertising
💡Rogue Software
💡Multi-Factor Authentication
💡Firewall
Highlights
Pollution and security vulnerabilities are likened as side effects of the Industrial Revolution and increased Internet connectivity, respectively.
Cyber attacks exploit vulnerabilities and individuals/ businesses use various security measures and common sense to counter them.
The session will cover eight common cybersecurity threats and methods to avoid them.
Demonstration of 'Threat Cloud' shows real-time cyber attacks globally.
Malware is defined and categorized into viruses, Trojans, worms, and botnets.
Preventing malware involves avoiding suspicious links/attachments and deploying updated firewalls and OS security updates.
Phishing is explained as a sophisticated scam often mimicking trusted entities to steal personal data.
Phishing emails are identified by generic addresses, suspicious email origins, and redirect links.
Demonstration of a phishing attack using a fake Facebook login page to harvest credentials.
Password attacks are attempts to obtain or decrypt user passwords using various methods like brute force, dictionary attacks, and keyloggers.
Best practices for passwords include regular updates, use of alphanumeric characters, and avoiding dictionary words.
DDoS (Distributed Denial of Service) attacks explained and how they overload networks causing service disruption.
Prevention of DDoS attacks involves secure systems, software updates, and monitoring data flow for unusual traffic.
Man-in-the-middle attacks explained as intercepting communications to steal sensitive information.
Preventing MITM attacks requires encrypted wireless access points and secure connections.
Drive-by downloads are unintentional malware downloads from visiting compromised websites without user interaction.
Avoiding drive-by downloads includes staying away from suspicious websites and keeping browsers updated.
Malvertising is the use of malicious ads that infect users' devices without their knowledge.
Preventing malvertising includes using ad blockers and avoiding clicking on suspicious ads.
Rogue software is a type of scareware that tricks users into believing their computer is infected and requires payment for a fake removal tool.
Preventing rogue software involves having a firewall, trusted antivirus, and maintaining a healthy level of internet skepticism.
Transcripts
[Music]
just as pollution was a side effect of
the Industrial Revolution so are the
many security vulnerabilities that come
with the increased Internet connectivity
cyber attacks are exploitations of those
vulnerabilities for the most part
individuals and businesses have found
ways to counter cyber attacks using a
variety of security measures and just
good old common sense hi guys my name is
Aria and today's session is all about
cyber security threats we are going to
examine eight of the most common cyber
security threats that your business
could face and the ways to avoid them so
before we actually jump into the session
let me give you how the session will
actually work we are going to discuss
the most eight common cyber threats
we're going to discuss in particular
what they are how the threat works and
how to protect yourself okay so now
let's jump in now cyber attacks are
taking place all the time even as we
speak
the security of some organization big or
small is being compromised for example
if you visit the site out here that is
threat cloud you can actually view all
the cyber attacks that are actually
happening right now let me just give you
a quick demonstration of how that looks
like okay so as you guys can see out
here these are all the places that are
being compromised right now the red
parts actually show us the part that is
being compromised and the yellow places
actually show us from where it's being
compromised strong ok as you guys can
see now that someone from the
Netherlands is actually attacking this
place and someone from USA was attacked
in Mexico it's a pretty interesting site
and actually gives you a scale of how
many cyber attacks are actually
happening all the time in the world
ok now getting back I think looking at
all these types of cyber attacks it's
only necessary that we educate ourselves
about all the types of cyber threats
that we have so these are the 8 cyber
threats that we are going to be
discussing today firstly we're going to
start with malware so malware is an
all-encompassing term for a variety of
cyber attacks including Trojans viruses
and bombs malware is simply defined as
code with malicious intent that
typically steals data or destroy
something on the computer the way
malware
about doing its damage can be helpful in
categorizing what kind of malware you
are dealing with so let's discuss it so
first of all viruses like the biological
namesakes viruses attach themselves to
clean files and infect other clean files
and they can spread uncontrollably
damaging a systems core functionality
and deleting or corrupting files they
usually appear as executable file is
that you might have downloaded from the
internet then there are also Trojans now
this kind of malware disguises itself as
legitimate software or is included in
legitimate software that can be tampered
with it tends to act as creat lis and
creates backdoors in your security to
let other malware sin' then we have
worms worms in fact entire networks of
devices either local or across the
internet by using the network's
interfaces it uses each consecutive
infected machine to infect more and then
we have botnets and such where botnets
are networks of infected computers that
are made to work together under the
controller of an attacker so basically
you can encounter malware if you have
some OS vulnerabilities or if you
download some L legitimate software from
somewhere or you have some other email
attachment that was compromised with
okay so how exactly do you remove
malware or how exactly do you fight
against it well each form of malware has
its own way of infecting and damaging
computers and data and so each one
requires a different malware removal
method the best way to prevent malware
is to avoid clicking on links or
downloading attachments from unknown
senders and this is sometimes done by
deploying a robust and updated firewall
which prevents the transfer of large
data files over the network in a hope to
weed out attachments that may contain
malware it's also important to make sure
your computer's operating system whether
it be Windows Mac OS Linux uses the most
up-to-date security updates and software
programmers update programs frequently
to address any holes or weak points and
it's important to install all these
updates as well as to decrease your own
system weaknesses so next up on our list
of cyber threats we have phishing
so what exactly is phishing well often
posing as a request for data from a
trusted third party phishing attacks are
sent via email and ask users to click on
a link and enter their personal data
phishing emails have gotten much more
sophisticated in recent
and making it difficult for some people
to discern a legitimate request for an
information from a false one
now phishing emails often fall into the
same category as spam but are way more
harmful than just a simple ad so how
exactly does phishing book well most
people associate phishing with email
message that spoof or mimic bank credit
card companies or other businesses like
Amazon eBay and Facebook these messages
look authentic and attempt to get
victims to reveal their personal
information but email messages are only
one small piece of a phishing scam from
beginning to end the process involves
five steps the first step is planning
the fissure must decide which business
to target and determine how to get email
addresses for the customers of that
business then they must go through the
setup phase once they know which
business to spoof and who their victims
are Fisher's create methods for
delivering the messages and collecting
the data then they have to execute the
attack and this is the step most people
are familiar with that is the Fisher
sends the phony message that appears to
be from a reputable source
after that the Fisher records the
information the victims enter into the
webpage or pop-up windows and in the
last step which is basically identity
theft and fraud the Fisher's use the
information they've gathered to make
illegal purchases or otherwise commit
fraud and as many as 1/4 of the victims
never fully recover so how exactly can
you be actually preventing yourself from
getting fished well the only thing that
you can do is being aware of how
phishing emails actually work so first
of all a phishing email has some very
specific properties so firstly you will
have something like a very generalized
way of addressing someone like your
client then your message will not be
actually from a very reputable source so
out here as you can see it's written as
Amazon on the label but if you actually
inspect the email address that it came
from its from management at maison
canada dot CA which is not exactly your
legitimate Amazon address third you can
actually hover over the redirect links
and see where they actually redirect you
to now this redirects me to wwf/e
amazon.com as you can see out here so
basically you know this is actually a
phishing
and you should actually report this
email to your administrators or anybody
else that you think is supposed to be
concerned with this also let me give you
guys a quick demonstration on how
phishing actually works from the
perspective of an attacker so first of
all I have actually created a phishing
website for harvesting Facebook
credentials I simply just took the
source code of the facebook login page
and pasted it and then made a back-end
code in PHP which makes a log file of
all the Facebook passwords that get
actually entered onto the phishing page
now I've also sent myself an email as to
make sure this looks legitimate but this
is only for spreading awareness so
please don't use this method for
actually harvesting credentials that's
actually a very legal thing to do so
let's get started first of all you will
go to your email and see that you get
some email saying the our Facebook
credentials has been compromised
so when you open it it looks pretty
legit well I haven't made it look all
that legit it should look legit but the
point out here is to actually make you
aware of how this works
so as you guys can see it says dear
client we have strong reasons to believe
that your credentials may have been
compromised and might have been used by
someone else we have locked your
Facebook account please click here to
unlock sincerely Facebook associate team
so if we actually click here we are
actually redirected to a nice-looking
Facebook page which is exactly how
Facebook looks like when you're logging
in now suppose I were to actually log in
to my Facebook account which I won't
I'll just use some random ID like this
is an email address email com and let's
put password as admin one two three and
we click login now since my facebook is
actually already logged in it'll just
redirect to facebook.com and you might
just see me logged in but on a normal
computer it'll just redirect you to
www.facebook.com which should just show
this site again okay so once I click log
in out here all that the backend code
that I've written in PHP out here will
do
is that it's gonna take all the
parameters that have entered into this
website that is my email address and
password and just generate a log file
about so let's just hit login and see
what happens so as you guys can see I've
been redirected to the original Facebook
page that is not meant for phishing and
on my system out here I have a log file
and this log file will show exactly as
you can see I've fished out the email
address this is an email address email
comm and it's also showed the password
that is admin one two three so this is
how exactly phishing works you enter an
email address and you're entering the
email address on a phishing website and
then it just redirects you to the
original site but by this time you've
already compromised your credentials so
always be careful when dealing with such
emails so now jumping back to our
session the next type of cyber attacks
we are going to discuss is pass with the
docs so an attempt to obtain or decrypt
a user's password for illegal use is
exactly what a password attack is
hackers can use cracking programs
dictionary attacks and password sniffers
and password attacks password cracking
refers to various measures used to
discover computer passwords this is
usually accomplished by recovering
passwords from data stored in or
transported from a computer system
password cracking is done by either
repeatedly guessing the password usually
through a computer algorithm in which
the computer tries numerous combinations
until the password is successfully
discovered now password attacks can be
done for several reasons but the most
malicious reason is in order to gain
unauthorized access to a computer with
the computer's owners awareness not
being in place now this results in
cybercrime such as stealing passwords
for the purpose of accessing bank
information now today there are three
common methods used to break into a
password-protected system the first is a
brute-force attack a hacker uses a
computer program or script to try to log
in with possible password combinations
usually starting with the easiest to
guess password so just think if a hacker
has a company list he or she can easily
guess user names if even one of the
users has a password one two three he
will quickly be able to get in the next
our dictionary attacks now a hacker uses
a program or script
try to login by cycling through the
combinations of common woods in contrast
with brute-force attacks where a large
proportion key space is searched
systematically a dictionary attack try
is only those possibilities which are
most likely to succeed
typically derive from a list of words
for example a dictionary generally
dictionary attacks succeed because most
people have a tendency to choose
passwords which are short or such as
single words found in the dictionaries
or simple easy predicted variations on
words such as appending a digit also now
the last kind of password attacks are
used by keylogger attacks a hacker uses
a program to track all of the user's
keystrokes so at the end of the day
everything the user has typed including
the login IDs and passwords have been
recorded a key logger attack is
different than a brute-force or
dictionary attack in many ways not the
least of which the key login program
used is a malware that must first make
it onto the user's device and the key
logger attacks are also different
because stronger passwords don't provide
much protection against them which is
one reason that multi-factor
authentication is becoming a must-have
for all businesses and organizations now
the only way to stop yourself from
getting killed in the whole password
attack conundrum is by actually
practicing the best practices that are
being discussed in the whole industry
about passwords so basically you should
update your password regularly you
should use alpha numerics in your
password and you should never use words
that are actually in the dictionary it's
always advisable to use garbage words
that makes no sense for passwords as
they just increase your security so
moving on we're going to discuss DDoS
attacks so what exactly is a DDoS or a
DOS attack well first of all it stands
for distributed denial of service and a
dos attacks focuses on disrupting the
service to a network as the name
suggests attackers send high volume of
data of traffic through the network
until the network becomes overloaded and
can no longer function so there are a
few different ways attackers can achieve
dos attack but the most common is the
distributed denial of service attack
this involves the attacker using
multiple computers to send the traffic
or data that will overload the system in
many instances a person may not even
realize that his or her computer has
been hijacked and a
contributing to the DOS attack now
disrupting services can have serious
consequences relating to security and
online access many instances of
large-scale dos attacks have been
implemented as a single sign of protests
towards governments or individuals and
have led to severe punishment including
major jail time so how can you prevent
dos attacks against yourself well
firstly unless your company is huge it's
rare that you would be even targeted by
an outside group or attackers for a DOS
attack your site or network could still
fall victim to one however if another
organization on your network is targeted
now the best way to prevent an
additional breach is to keep your system
as secure as possible with regular
software updates online security
monitoring and monitoring of your data
flow to identify any unusual or
threatening spikes in traffic before
they become a problem
dos attacks can also be perpetrated by
simply cutting a table or dislodging a
plug that connects your website server
to the Internet so due diligence in
physically monitoring your connections
is recommended as well okay so next up
on a list is man-in-the-middle attacks
so by impersonating the endpoints in an
online information exchange the
man-in-the-middle attack can obtain
information from the end user and the
entity he or she is communicating with
for example if you are banking online
the man in the middle would communicate
with you by impersonating your bank and
communicate with the bank by
impersonating you the man in the middle
would then receive all of the
information transferred between both
parties which could include sensitive
data such as bank accounts and personal
information so how does it exactly work
normally an MIT M gains access through a
non encrypted wireless access point
which is basically one that doesn't use
WEP WPA or any of the other security
measures then they would have to access
all the information being transferred
between both parties by actually
spoofing something called address
resolution protocol that is the protocol
that is used when you are actually
connecting to your gateway from your
computer so how can you exactly prevent
MIT M attacks from happening against you
firstly you have to use an encrypted W
AP that is an encrypted wireless access
point
next you should always check the
security of your connection because when
somebody is actually trying to
compromise your security he will try to
actually strip down the SC DPS or SSDs
that is being injected in the website
which is basically the security
protocols so if something like this
HTTPS is not appearing in your website
you're on an insecure website where your
credentials or your information can be
compromised and the last and final
measure that you can actually use is by
investing in a virtual private network
which spoofs your entire IP and you can
just browse the Internet
with perfect comfort next up on our list
is drive-by downloads so gone are the
days where you have to click to accept a
download or install a software update in
order to become infected
now just opening a compromised webpage
could allow dangerous code to install on
your device you just need to visit or
drive by a webpage without stopping or
to click accept any software add the
malicious code can download in the
background to your device a drive-by
download refers to the unintentional
download of a virus or malicious
software onto your computer or mobile
device a drive-by download will usually
take advantage or exploit a browser or
app or operating system that is out of
date and has security flaws this initial
code that is downloaded it is often very
small and since this job is often simply
to contact another computer of where it
can pull down the rest of the code onto
your smartphone tablet or other
computers often a web page will contain
several different types of malicious
code in hopes that one of them will
match a weakness on your computer so how
does this exactly work
well first you visit the site and during
the 3-way handshake connection of the
tcp/ip protocol a Bacchan script is
triggered as soon as a connection is
made vile the last ACK packet is sent a
download is also triggered and the
malware is basically injected into your
system now the best advice I can share
about avoiding drive-by downloads is to
avoid visiting websites that could be
considered dangerous or malicious this
includes adult content file sharing
websites or anything that offers you a
free trip to the Bahamas now some other
tips to stay protected include keep your
internet browser and operating system
up-to-date
use a safe search protocol that warns
you when to navigate to a malicious site
and use comprehensive security software
on all your devices like McAfee
all-access and keeping it up to date
okay so that was it about drive-by
downloads next up is my lad vert icing
or malvert icing so malvert icing is the
name we in the security industry give to
criminally controlled advertisements
which intentionally infect people and
businesses these can be any ad on any
site often ones which you use as a part
of your everyday internet usage and it
is a growing problem as is evident by a
recent US Senate report and the
establishment of bodies like trust in
ads now whilst the technology being used
in the background is very advanced the
way it presents to the person being
infected is simple to all intents and
purposes the advertisement looks the
same as any other but has been placed by
criminal like you can see the mint ad
out here it's really out of place so you
could say it's been made by a criminal
now without your knowledge a tiny piece
of code hidden deep in the advertisement
is making your computer go to the
criminal servers these and catalog
details about your computer and its
location before choosing which piece of
malware to send you and this doesn't
need a new browser window and you won't
know about it so basically you're
redirected to some criminal server the
malware injection takes place and voila
you're infected it's a pretty dangerous
thing to be in so how exactly can you
stop magnetising well first of all you
need to use an ad blocker which is a
very must in this day and age you can
have ad blocker extensions installed on
your browser whether it be Chrome Safari
or Mozilla also regular software updates
of your browser and other software's
that work peripheral to your browser
always help and next is some common
sense any advertisement that is about
lottery that's offering you free money
is probably going to scam you and inject
malware too so never click on those ads
so the last kind of cyberattacks we are
going to discover today and discuss
about is rogue software so rogue
security software is a form of malicious
software and Internet fraud that
misleads users into believing that there
is a virus on their computer and
manipulates them into paying money for a
fake malware removal tool it is a form
of scare that manipulates users through
fear and a form of ransomware rogue
security software has been a serious
security threat in desktop computing
since 2008 so now how does a rogue
security software book these scams
manipulating users into download the
program through a variety of techniques
some of these methods include ads
offering free or trial versions of
security programs often pricey upgrades
are encouraging the purchase of the
deluxe versions then also pop-ups
warning that your computer is infected
with the virus which encourages you to
clean it by clicking on the program and
then manipulated SEO rankings that put
infected website as the top hits when
you search these links then read
directly to a landing page that claims
your machine is infected and encourages
you a free trial of the rogue security
program
now once the scareware is installed it
can steal all your information slow your
computer or corrupt your files disable
updates for Less limit antivirus
software or even prevent you from
visiting less timet security software
vendor sites while talking about
prevention the best defense is a good
offense and in this case an updated
firewall makes sure that you have a
working one in your office that protects
you and your employees from these type
of attacks it is also a good idea to
install a trusted antivirus or anti
spyware software program that can detect
threats like these and also a general
level of distrust on the internet and
not actually believing anything right
off the bat is the way to go ok guys so
that was me about all the a different
types of cyber threats and how they
actually work and how you could prevent
them I also hope you enjoyed the
demonstration I showed about phishing
that's it for me goodbye
I hope you have enjoyed listening to
this video please be kind enough to like
it and you can comment any of your
doubts and queries and we will reply
them at the earliest do look out for
more videos in our playlist and
subscribe to any rekha channel to learn
more happy learning
Weitere ähnliche Videos ansehen
Cara Mengamankan Website dari Serangan Hacker | IDCloudHost
15 Types Of Cyber Attacks To Look Out For
KEAMANAN JARINGAN | 3.1.3 JENIS DAN TAHAPAN SERANGAN KEAMANAN JARINGAN - FASE F (SMK TJKT)
Malicious Software
What Is Cyber Security | How It Works? | Cyber Security In 7 Minutes | Cyber Security | Simplilearn
37. OCR GCSE (J277) 1.4 Preventing vulnerabilities
5.0 / 5 (0 votes)