8 Most Common Cybersecurity Threats | Types of Cyber Attacks | Cybersecurity for Beginners | Edureka

00:00

[Music]

00:06

just as pollution was a side effect of

00:09

the Industrial Revolution so are the

00:11

many security vulnerabilities that come

00:13

with the increased Internet connectivity

00:14

cyber attacks are exploitations of those

00:17

vulnerabilities for the most part

00:19

individuals and businesses have found

00:21

ways to counter cyber attacks using a

00:23

variety of security measures and just

00:26

good old common sense hi guys my name is

00:28

Aria and today's session is all about

00:30

cyber security threats we are going to

00:32

examine eight of the most common cyber

00:34

security threats that your business

00:36

could face and the ways to avoid them so

00:39

before we actually jump into the session

00:40

let me give you how the session will

00:42

actually work we are going to discuss

00:44

the most eight common cyber threats

00:46

we're going to discuss in particular

00:47

what they are how the threat works and

00:49

how to protect yourself okay so now

00:52

let's jump in now cyber attacks are

00:54

taking place all the time even as we

00:56

speak

00:57

the security of some organization big or

00:59

small is being compromised for example

01:02

if you visit the site out here that is

01:04

threat cloud you can actually view all

01:06

the cyber attacks that are actually

01:08

happening right now let me just give you

01:10

a quick demonstration of how that looks

01:12

like okay so as you guys can see out

01:14

here these are all the places that are

01:17

being compromised right now the red

01:18

parts actually show us the part that is

01:21

being compromised and the yellow places

01:24

actually show us from where it's being

01:26

compromised strong ok as you guys can

01:28

see now that someone from the

01:30

Netherlands is actually attacking this

01:32

place and someone from USA was attacked

01:34

in Mexico it's a pretty interesting site

01:36

and actually gives you a scale of how

01:38

many cyber attacks are actually

01:39

happening all the time in the world

01:41

ok now getting back I think looking at

01:43

all these types of cyber attacks it's

01:45

only necessary that we educate ourselves

01:47

about all the types of cyber threats

01:49

that we have so these are the 8 cyber

01:52

threats that we are going to be

01:53

discussing today firstly we're going to

01:55

start with malware so malware is an

01:58

all-encompassing term for a variety of

02:00

cyber attacks including Trojans viruses

02:03

and bombs malware is simply defined as

02:06

code with malicious intent that

02:08

typically steals data or destroy

02:10

something on the computer the way

02:12

malware

02:13

about doing its damage can be helpful in

02:15

categorizing what kind of malware you

02:17

are dealing with so let's discuss it so

02:19

first of all viruses like the biological

02:22

namesakes viruses attach themselves to

02:24

clean files and infect other clean files

02:26

and they can spread uncontrollably

02:27

damaging a systems core functionality

02:30

and deleting or corrupting files they

02:32

usually appear as executable file is

02:34

that you might have downloaded from the

02:35

internet then there are also Trojans now

02:37

this kind of malware disguises itself as

02:40

legitimate software or is included in

02:42

legitimate software that can be tampered

02:44

with it tends to act as creat lis and

02:46

creates backdoors in your security to

02:48

let other malware sin' then we have

02:50

worms worms in fact entire networks of

02:53

devices either local or across the

02:55

internet by using the network's

02:56

interfaces it uses each consecutive

02:59

infected machine to infect more and then

03:01

we have botnets and such where botnets

03:03

are networks of infected computers that

03:05

are made to work together under the

03:07

controller of an attacker so basically

03:09

you can encounter malware if you have

03:11

some OS vulnerabilities or if you

03:13

download some L legitimate software from

03:15

somewhere or you have some other email

03:17

attachment that was compromised with

03:20

okay so how exactly do you remove

03:22

malware or how exactly do you fight

03:24

against it well each form of malware has

03:27

its own way of infecting and damaging

03:29

computers and data and so each one

03:31

requires a different malware removal

03:32

method the best way to prevent malware

03:35

is to avoid clicking on links or

03:36

downloading attachments from unknown

03:38

senders and this is sometimes done by

03:40

deploying a robust and updated firewall

03:42

which prevents the transfer of large

03:44

data files over the network in a hope to

03:46

weed out attachments that may contain

03:48

malware it's also important to make sure

03:50

your computer's operating system whether

03:52

it be Windows Mac OS Linux uses the most

03:55

up-to-date security updates and software

03:57

programmers update programs frequently

03:59

to address any holes or weak points and

04:02

it's important to install all these

04:03

updates as well as to decrease your own

04:05

system weaknesses so next up on our list

04:08

of cyber threats we have phishing

04:10

so what exactly is phishing well often

04:13

posing as a request for data from a

04:15

trusted third party phishing attacks are

04:18

sent via email and ask users to click on

04:20

a link and enter their personal data

04:22

phishing emails have gotten much more

04:25

sophisticated in recent

04:26

and making it difficult for some people

04:28

to discern a legitimate request for an

04:31

information from a false one

04:33

now phishing emails often fall into the

04:35

same category as spam but are way more

04:37

harmful than just a simple ad so how

04:40

exactly does phishing book well most

04:43

people associate phishing with email

04:45

message that spoof or mimic bank credit

04:48

card companies or other businesses like

04:50

Amazon eBay and Facebook these messages

04:53

look authentic and attempt to get

04:55

victims to reveal their personal

04:56

information but email messages are only

04:59

one small piece of a phishing scam from

05:01

beginning to end the process involves

05:03

five steps the first step is planning

05:05

the fissure must decide which business

05:07

to target and determine how to get email

05:09

addresses for the customers of that

05:11

business then they must go through the

05:14

setup phase once they know which

05:16

business to spoof and who their victims

05:18

are Fisher's create methods for

05:20

delivering the messages and collecting

05:21

the data then they have to execute the

05:23

attack and this is the step most people

05:26

are familiar with that is the Fisher

05:27

sends the phony message that appears to

05:29

be from a reputable source

05:31

after that the Fisher records the

05:33

information the victims enter into the

05:35

webpage or pop-up windows and in the

05:37

last step which is basically identity

05:39

theft and fraud the Fisher's use the

05:41

information they've gathered to make

05:42

illegal purchases or otherwise commit

05:44

fraud and as many as 1/4 of the victims

05:47

never fully recover so how exactly can

05:50

you be actually preventing yourself from

05:52

getting fished well the only thing that

05:55

you can do is being aware of how

05:56

phishing emails actually work so first

05:59

of all a phishing email has some very

06:01

specific properties so firstly you will

06:04

have something like a very generalized

06:06

way of addressing someone like your

06:07

client then your message will not be

06:11

actually from a very reputable source so

06:13

out here as you can see it's written as

06:16

Amazon on the label but if you actually

06:18

inspect the email address that it came

06:20

from its from management at maison

06:22

canada dot CA which is not exactly your

06:24

legitimate Amazon address third you can

06:26

actually hover over the redirect links

06:29

and see where they actually redirect you

06:30

to now this redirects me to wwf/e

06:34

amazon.com as you can see out here so

06:37

basically you know this is actually a

06:39

phishing

06:40

and you should actually report this

06:42

email to your administrators or anybody

06:44

else that you think is supposed to be

06:46

concerned with this also let me give you

06:48

guys a quick demonstration on how

06:50

phishing actually works from the

06:52

perspective of an attacker so first of

06:56

all I have actually created a phishing

06:59

website for harvesting Facebook

07:01

credentials I simply just took the

07:05

source code of the facebook login page

07:07

and pasted it and then made a back-end

07:09

code in PHP which makes a log file of

07:12

all the Facebook passwords that get

07:15

actually entered onto the phishing page

07:16

now I've also sent myself an email as to

07:20

make sure this looks legitimate but this

07:23

is only for spreading awareness so

07:25

please don't use this method for

07:26

actually harvesting credentials that's

07:29

actually a very legal thing to do so

07:31

let's get started first of all you will

07:33

go to your email and see that you get

07:36

some email saying the our Facebook

07:38

credentials has been compromised

07:39

so when you open it it looks pretty

07:42

legit well I haven't made it look all

07:44

that legit it should look legit but the

07:47

point out here is to actually make you

07:48

aware of how this works

07:49

so as you guys can see it says dear

07:51

client we have strong reasons to believe

07:53

that your credentials may have been

07:54

compromised and might have been used by

07:56

someone else we have locked your

07:58

Facebook account please click here to

08:00

unlock sincerely Facebook associate team

08:03

so if we actually click here we are

08:06

actually redirected to a nice-looking

08:09

Facebook page which is exactly how

08:11

Facebook looks like when you're logging

08:13

in now suppose I were to actually log in

08:16

to my Facebook account which I won't

08:18

I'll just use some random ID like this

08:20

is an email address email com and let's

08:25

put password as admin one two three and

08:28

we click login now since my facebook is

08:32

actually already logged in it'll just

08:34

redirect to facebook.com and you might

08:36

just see me logged in but on a normal

08:38

computer it'll just redirect you to

08:40

www.facebook.com which should just show

08:43

this site again okay so once I click log

08:46

in out here all that the backend code

08:48

that I've written in PHP out here will

08:50

do

08:51

is that it's gonna take all the

08:54

parameters that have entered into this

08:55

website that is my email address and

08:58

password and just generate a log file

09:00

about so let's just hit login and see

09:02

what happens so as you guys can see I've

09:04

been redirected to the original Facebook

09:07

page that is not meant for phishing and

09:09

on my system out here I have a log file

09:14

and this log file will show exactly as

09:17

you can see I've fished out the email

09:19

address this is an email address email

09:21

comm and it's also showed the password

09:23

that is admin one two three so this is

09:26

how exactly phishing works you enter an

09:28

email address and you're entering the

09:31

email address on a phishing website and

09:33

then it just redirects you to the

09:35

original site but by this time you've

09:37

already compromised your credentials so

09:39

always be careful when dealing with such

09:41

emails so now jumping back to our

09:43

session the next type of cyber attacks

09:45

we are going to discuss is pass with the

09:47

docs so an attempt to obtain or decrypt

09:50

a user's password for illegal use is

09:53

exactly what a password attack is

09:55

hackers can use cracking programs

09:57

dictionary attacks and password sniffers

09:59

and password attacks password cracking

10:01

refers to various measures used to

10:03

discover computer passwords this is

10:05

usually accomplished by recovering

10:07

passwords from data stored in or

10:09

transported from a computer system

10:10

password cracking is done by either

10:13

repeatedly guessing the password usually

10:15

through a computer algorithm in which

10:16

the computer tries numerous combinations

10:18

until the password is successfully

10:20

discovered now password attacks can be

10:22

done for several reasons but the most

10:24

malicious reason is in order to gain

10:26

unauthorized access to a computer with

10:28

the computer's owners awareness not

10:30

being in place now this results in

10:32

cybercrime such as stealing passwords

10:34

for the purpose of accessing bank

10:36

information now today there are three

10:38

common methods used to break into a

10:40

password-protected system the first is a

10:42

brute-force attack a hacker uses a

10:44

computer program or script to try to log

10:47

in with possible password combinations

10:49

usually starting with the easiest to

10:50

guess password so just think if a hacker

10:52

has a company list he or she can easily

10:55

guess user names if even one of the

10:57

users has a password one two three he

10:59

will quickly be able to get in the next

11:01

our dictionary attacks now a hacker uses

11:03

a program or script

11:05

try to login by cycling through the

11:06

combinations of common woods in contrast

11:09

with brute-force attacks where a large

11:10

proportion key space is searched

11:12

systematically a dictionary attack try

11:15

is only those possibilities which are

11:17

most likely to succeed

11:18

typically derive from a list of words

11:20

for example a dictionary generally

11:22

dictionary attacks succeed because most

11:24

people have a tendency to choose

11:26

passwords which are short or such as

11:29

single words found in the dictionaries

11:30

or simple easy predicted variations on

11:32

words such as appending a digit also now

11:35

the last kind of password attacks are

11:37

used by keylogger attacks a hacker uses

11:40

a program to track all of the user's

11:41

keystrokes so at the end of the day

11:43

everything the user has typed including

11:45

the login IDs and passwords have been

11:47

recorded a key logger attack is

11:49

different than a brute-force or

11:50

dictionary attack in many ways not the

11:52

least of which the key login program

11:55

used is a malware that must first make

11:57

it onto the user's device and the key

12:00

logger attacks are also different

12:01

because stronger passwords don't provide

12:03

much protection against them which is

12:05

one reason that multi-factor

12:06

authentication is becoming a must-have

12:08

for all businesses and organizations now

12:11

the only way to stop yourself from

12:13

getting killed in the whole password

12:15

attack conundrum is by actually

12:17

practicing the best practices that are

12:19

being discussed in the whole industry

12:21

about passwords so basically you should

12:23

update your password regularly you

12:25

should use alpha numerics in your

12:27

password and you should never use words

12:29

that are actually in the dictionary it's

12:30

always advisable to use garbage words

12:33

that makes no sense for passwords as

12:35

they just increase your security so

12:38

moving on we're going to discuss DDoS

12:40

attacks so what exactly is a DDoS or a

12:44

DOS attack well first of all it stands

12:47

for distributed denial of service and a

12:50

dos attacks focuses on disrupting the

12:52

service to a network as the name

12:53

suggests attackers send high volume of

12:55

data of traffic through the network

12:57

until the network becomes overloaded and

12:59

can no longer function so there are a

13:01

few different ways attackers can achieve

13:03

dos attack but the most common is the

13:05

distributed denial of service attack

13:07

this involves the attacker using

13:09

multiple computers to send the traffic

13:11

or data that will overload the system in

13:13

many instances a person may not even

13:16

realize that his or her computer has

13:18

been hijacked and a

13:19

contributing to the DOS attack now

13:21

disrupting services can have serious

13:23

consequences relating to security and

13:25

online access many instances of

13:27

large-scale dos attacks have been

13:28

implemented as a single sign of protests

13:31

towards governments or individuals and

13:33

have led to severe punishment including

13:34

major jail time so how can you prevent

13:37

dos attacks against yourself well

13:40

firstly unless your company is huge it's

13:42

rare that you would be even targeted by

13:44

an outside group or attackers for a DOS

13:46

attack your site or network could still

13:48

fall victim to one however if another

13:50

organization on your network is targeted

13:52

now the best way to prevent an

13:54

additional breach is to keep your system

13:56

as secure as possible with regular

13:58

software updates online security

14:00

monitoring and monitoring of your data

14:02

flow to identify any unusual or

14:04

threatening spikes in traffic before

14:06

they become a problem

14:07

dos attacks can also be perpetrated by

14:10

simply cutting a table or dislodging a

14:12

plug that connects your website server

14:14

to the Internet so due diligence in

14:16

physically monitoring your connections

14:18

is recommended as well okay so next up

14:21

on a list is man-in-the-middle attacks

14:23

so by impersonating the endpoints in an

14:28

online information exchange the

14:30

man-in-the-middle attack can obtain

14:31

information from the end user and the

14:33

entity he or she is communicating with

14:36

for example if you are banking online

14:39

the man in the middle would communicate

14:40

with you by impersonating your bank and

14:43

communicate with the bank by

14:44

impersonating you the man in the middle

14:46

would then receive all of the

14:48

information transferred between both

14:49

parties which could include sensitive

14:51

data such as bank accounts and personal

14:53

information so how does it exactly work

14:56

normally an MIT M gains access through a

14:59

non encrypted wireless access point

15:01

which is basically one that doesn't use

15:04

WEP WPA or any of the other security

15:06

measures then they would have to access

15:09

all the information being transferred

15:11

between both parties by actually

15:13

spoofing something called address

15:15

resolution protocol that is the protocol

15:17

that is used when you are actually

15:19

connecting to your gateway from your

15:20

computer so how can you exactly prevent

15:23

MIT M attacks from happening against you

15:25

firstly you have to use an encrypted W

15:28

AP that is an encrypted wireless access

15:30

point

15:32

next you should always check the

15:33

security of your connection because when

15:36

somebody is actually trying to

15:37

compromise your security he will try to

15:39

actually strip down the SC DPS or SSDs

15:42

that is being injected in the website

15:44

which is basically the security

15:46

protocols so if something like this

15:48

HTTPS is not appearing in your website

15:50

you're on an insecure website where your

15:52

credentials or your information can be

15:54

compromised and the last and final

15:57

measure that you can actually use is by

15:59

investing in a virtual private network

16:01

which spoofs your entire IP and you can

16:04

just browse the Internet

16:05

with perfect comfort next up on our list

16:08

is drive-by downloads so gone are the

16:11

days where you have to click to accept a

16:13

download or install a software update in

16:15

order to become infected

16:16

now just opening a compromised webpage

16:19

could allow dangerous code to install on

16:22

your device you just need to visit or

16:24

drive by a webpage without stopping or

16:27

to click accept any software add the

16:29

malicious code can download in the

16:31

background to your device a drive-by

16:33

download refers to the unintentional

16:35

download of a virus or malicious

16:37

software onto your computer or mobile

16:39

device a drive-by download will usually

16:41

take advantage or exploit a browser or

16:44

app or operating system that is out of

16:45

date and has security flaws this initial

16:48

code that is downloaded it is often very

16:50

small and since this job is often simply

16:53

to contact another computer of where it

16:55

can pull down the rest of the code onto

16:56

your smartphone tablet or other

16:58

computers often a web page will contain

17:01

several different types of malicious

17:02

code in hopes that one of them will

17:04

match a weakness on your computer so how

17:07

does this exactly work

17:08

well first you visit the site and during

17:11

the 3-way handshake connection of the

17:13

tcp/ip protocol a Bacchan script is

17:16

triggered as soon as a connection is

17:18

made vile the last ACK packet is sent a

17:20

download is also triggered and the

17:23

malware is basically injected into your

17:25

system now the best advice I can share

17:27

about avoiding drive-by downloads is to

17:29

avoid visiting websites that could be

17:31

considered dangerous or malicious this

17:33

includes adult content file sharing

17:35

websites or anything that offers you a

17:38

free trip to the Bahamas now some other

17:40

tips to stay protected include keep your

17:43

internet browser and operating system

17:44

up-to-date

17:45

use a safe search protocol that warns

17:47

you when to navigate to a malicious site

17:49

and use comprehensive security software

17:51

on all your devices like McAfee

17:53

all-access and keeping it up to date

17:56

okay so that was it about drive-by

17:58

downloads next up is my lad vert icing

18:01

or malvert icing so malvert icing is the

18:04

name we in the security industry give to

18:06

criminally controlled advertisements

18:08

which intentionally infect people and

18:10

businesses these can be any ad on any

18:13

site often ones which you use as a part

18:16

of your everyday internet usage and it

18:18

is a growing problem as is evident by a

18:20

recent US Senate report and the

18:23

establishment of bodies like trust in

18:25

ads now whilst the technology being used

18:27

in the background is very advanced the

18:30

way it presents to the person being

18:31

infected is simple to all intents and

18:34

purposes the advertisement looks the

18:37

same as any other but has been placed by

18:39

criminal like you can see the mint ad

18:41

out here it's really out of place so you

18:44

could say it's been made by a criminal

18:45

now without your knowledge a tiny piece

18:48

of code hidden deep in the advertisement

18:50

is making your computer go to the

18:52

criminal servers these and catalog

18:55

details about your computer and its

18:56

location before choosing which piece of

18:58

malware to send you and this doesn't

19:00

need a new browser window and you won't

19:02

know about it so basically you're

19:04

redirected to some criminal server the

19:07

malware injection takes place and voila

19:09

you're infected it's a pretty dangerous

19:11

thing to be in so how exactly can you

19:14

stop magnetising well first of all you

19:17

need to use an ad blocker which is a

19:19

very must in this day and age you can

19:22

have ad blocker extensions installed on

19:25

your browser whether it be Chrome Safari

19:26

or Mozilla also regular software updates

19:29

of your browser and other software's

19:31

that work peripheral to your browser

19:32

always help and next is some common

19:36

sense any advertisement that is about

19:38

lottery that's offering you free money

19:40

is probably going to scam you and inject

19:42

malware too so never click on those ads

19:45

so the last kind of cyberattacks we are

19:48

going to discover today and discuss

19:50

about is rogue software so rogue

19:52

security software is a form of malicious

19:54

software and Internet fraud that

19:56

misleads users into believing that there

19:59

is a virus on their computer and

20:00

manipulates them into paying money for a

20:03

fake malware removal tool it is a form

20:06

of scare that manipulates users through

20:08

fear and a form of ransomware rogue

20:10

security software has been a serious

20:12

security threat in desktop computing

20:14

since 2008 so now how does a rogue

20:16

security software book these scams

20:19

manipulating users into download the

20:21

program through a variety of techniques

20:22

some of these methods include ads

20:24

offering free or trial versions of

20:26

security programs often pricey upgrades

20:28

are encouraging the purchase of the

20:30

deluxe versions then also pop-ups

20:33

warning that your computer is infected

20:34

with the virus which encourages you to

20:36

clean it by clicking on the program and

20:38

then manipulated SEO rankings that put

20:41

infected website as the top hits when

20:43

you search these links then read

20:45

directly to a landing page that claims

20:47

your machine is infected and encourages

20:49

you a free trial of the rogue security

20:51

program

20:51

now once the scareware is installed it

20:54

can steal all your information slow your

20:56

computer or corrupt your files disable

20:59

updates for Less limit antivirus

21:00

software or even prevent you from

21:02

visiting less timet security software

21:04

vendor sites while talking about

21:06

prevention the best defense is a good

21:08

offense and in this case an updated

21:11

firewall makes sure that you have a

21:12

working one in your office that protects

21:15

you and your employees from these type

21:16

of attacks it is also a good idea to

21:19

install a trusted antivirus or anti

21:21

spyware software program that can detect

21:23

threats like these and also a general

21:26

level of distrust on the internet and

21:28

not actually believing anything right

21:30

off the bat is the way to go ok guys so

21:32

that was me about all the a different

21:34

types of cyber threats and how they

21:36

actually work and how you could prevent

21:38

them I also hope you enjoyed the

21:40

demonstration I showed about phishing

21:42

that's it for me goodbye

21:44

I hope you have enjoyed listening to

21:46

this video please be kind enough to like

21:49

it and you can comment any of your

21:51

doubts and queries and we will reply

21:53

them at the earliest do look out for

21:56

more videos in our playlist and

21:57

subscribe to any rekha channel to learn

22:00

more happy learning