"Why can't we have good things? Damn hackers."
Computers have drastically changed how humans work and play in the modern era.
They quickly permeated nearly every
industry, making work more efficient and productive. They’ve also enabled us to
take entertainment to new heights with video games and stay connected through
social media. However, like all good things, the joys computers brought could
not be enjoyed for long before actors with malicious intent brought about the
need for computer security. Computer security prevents unauthorized computer
access, including viewing, changing, or destroying a computer or data (Vahid,
2017).
Bad actors can attack unsuspecting users in a number of
ways. In more recent times, attacks on users' information have become more
rampant. This includes unauthorized access to personal data or stealing and
selling personal data. Phishing, for example, is a technique involving social
engineering and technical deception to obtain private user information (Yang,
2022). Phishing attacks affect more than 40 million internet users each year
(Yang, 2022). A phishing attack will commonly lure the target to a website that
mimics another website that the target means to visit. A common example is an
e-mail informing an unsuspecting target that their Bank of America password has
changed. That same e-mail will likely contain hyperlinks that will take the
user to a website that the attacker has created to mimic Bank of America. Once
the user enters their information, it is thereby stolen. The FBI estimates that
26 billion was lost globally due to attacks like these, whereby hackers drain
the accounts of unsuspecting users (Yang, 2022). To prevent attacks like these,
organizations will often keep blocklists of e-mail addresses commonly used by
attackers so that any e-mail from such addresses is automatically blocked.
There are also innovations in machine learning currently being worked on that
use AI to detect common phishing tropes and alert users to the findings.
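The checks described above (blocking mail from a list of known-bad sender addresses, and spotting a hyperlink that leads somewhere other than the site it claims), sketched as an added Python example that is not part of the original post. The blocklist entry, brand table, function names and sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample data: blocklist entry, brand table and message are made up.
SENDER_BLOCKLIST = {"alerts@bank-notice.example"}
BRAND_DOMAINS = {"bank of america": "bankofamerica.com"}
SAMPLE_EMAIL = """\
From: Bank of America <security@boa-alerts.example>
Subject: Your password has changed
Content-Type: text/html

<p>Your Bank of America password has changed.</p>
<p><a href="http://bankofamerica.com.login-verify.example/reset">https://www.bankofamerica.com/reset</a></p>
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host_matches(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_email(raw):
    """Return a list of findings for one raw single-part HTML message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    findings = []
    if addr.lower() in SENDER_BLOCKLIST:
        findings.append("sender-blocklisted")
    sender_host = addr.rpartition("@")[2].lower()
    for brand, domain in BRAND_DOMAINS.items():
        # Display name claims the brand, but the address is on another domain.
        if brand in display.lower() and not host_matches(sender_host, domain):
            findings.append("display-name-spoof")
    for href, text in LINK_RE.findall(msg.get_payload()):
        href_host = urlsplit(href).hostname
        text_host = urlsplit(text.strip()).hostname  # None unless the link text is a URL
        # Visible URL names one site while the real target is a different host.
        if text_host and not host_matches(href_host, text_host.removeprefix("www.")):
            findings.append("link-text-mismatch")
    return findings
```

The sample link shows why a substring check is not enough: the real bank domain appears at the start of the attacker's hostname, so the comparison has to be made on the end of the host, label by label.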
Social engineering is another type of sophisticated attack
that involves the manipulation of individuals in order to induce them to carry
out specific tasks or to trick them into giving away information that the
hacker wants (Sandor, 2022). Social engineering manifests itself in several
ways: whaling (an attack that targets high-ranking members of an organization),
baiting (relies on the victim’s curiosity or greed), pretexting (conducted by
pretending to be somebody else), scareware (manipulation based on shock and
fear), and quid pro quo (offering some help or information and then asking for
something in exchange) (Sandor, 2022). One of the best ways to keep oneself or
one’s organization from falling victim to a social engineering scheme is training.
Understanding what these attacks truly are and the motivations behind them
allows a potential victim to make a risk assessment before doling out sensitive
information (Sandor, 2022).
In earlier posts, we examined one of the simplest requests
one computer can make to another, the echo request—or a ping. Bad actors can
manipulate a tool as simple as a ping to flood a website with ping requests in
an attempt to block service or reduce activity. When a website is brought down
this way, its users experience a denial of service, which is why these attacks
are called DoS attacks (Vahid, 2017). A noticeable symptom on the user’s side
would be difficulty connecting to a website or random disconnects. These types
of attacks can damage a business’s operations if its website is not
functioning properly or customers cannot complete purchases.
References
Qabalin, M. (2021). Credit cards theft using social engineering over WhatsApp: A survey study. International Arab Conference on Information Technology, pp. 1-7. doi: 10.1109/ACIT53391.2021.9677454.
Șandor, A. (2022). A mathematical model for risk assessment of social engineering attacks. TEM Journal, 11(1), 334–338. https://doi.org/10.18421/TEM111-42
Vahid, F., & Lysecky, S. (2017). Computing technology for all. https://learn.zybooks.com/zybook/ASHFORDINT100AcademicYear2018/chapter/1/section/1
Yang, R. (2022). Predicting user susceptibility to phishing based on multidimensional features. Computational Intelligence & Neuroscience, 1–11. https://doi.org/10.1155/2022/7058972