Image courtesy of Network Security Wallpapers
It is proven time and time again that nothing in this world is exempt from the exploitation of people looking for self-gratification. Just as the world moves forward on its path toward technological discovery and expansion, so too does the knowledge and evolution of those that seek to use these technologies for ill purposes. These individuals intend to infiltrate systems to acquire users’ personal information such as names, birth dates, social security numbers, addresses, bank card numbers, account numbers, etc.
Since cybercriminals steal a user’s information to use it for themselves or someone else other than the individual it belongs to, cyber-attacks are also a method of Identity Theft.
The Dark Side of Ping
In a previous post, we discussed the purpose of using ping and traceroute commands. Ping commands are usually used to determine a server or computer’s connectivity by sending packets to an IP address and measuring the time it takes to receive a response. However, ping commands can also be used as a type of cyber-attack. One such attack that the ping command can be used to initiate is an ICMP flood attack, otherwise known as a ping flood attack. “Ping flood is a common Denial of Service (DoS) attack in which an attacker takes down the victim’s computer by overwhelming it with ICMP echo requests, also known as pings.” (Ping flood (ICMP flood), n.d.) Essentially, this overloads the receiver’s network with data packets, which puts a strain on said network. Here are several types of attacks that can be performed:
A targeted local disclosed attack targets a single computer on a local network. A router-disclosed attack targets routers to disrupt communications between computers on a network. And lastly, a blind ping flood attack involves using an external program to uncover the IP address of the target before executing an attack. In each type of attack, a successful attempt takes down either the targeted computer or the computers connected to the targeted router. (Ping flood (ICMP flood), n.d.)
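From the defender's side, the sign of a ping flood is the rate of echo requests arriving at one host. The sketch below is an added example, not part of the original post: it counts echo requests per destination in a sliding window over constructed packet records. The one-second window and the threshold of 100 are assumed values to tune for a real network.

```python
from collections import defaultdict, deque

ICMP_ECHO_REQUEST = 8  # ICMP type of an echo request ("ping"); 0 is the reply

def detect_ping_flood(packets, window_ms=1000, threshold=100):
    """Flag destinations that receive more than `threshold` echo requests
    inside any sliding window of `window_ms` milliseconds.

    packets: (timestamp_ms, src_ip, dst_ip, icmp_type) tuples, time-ordered.
    Returns {dst_ip: {"first_alert_ms", "peak", "sources"}}.
    """
    recent = defaultdict(deque)   # dst -> (timestamp, src) of requests in window
    alerts = {}
    for ts, src, dst, icmp_type in packets:
        if icmp_type != ICMP_ECHO_REQUEST:
            continue              # replies and other ICMP types are not counted
        q = recent[dst]
        q.append((ts, src))
        while ts - q[0][0] > window_ms:
            q.popleft()           # drop requests that fell out of the window
        if len(q) > threshold:
            a = alerts.setdefault(
                dst, {"first_alert_ms": ts, "peak": 0, "sources": set()})
            a["peak"] = max(a["peak"], len(q))
            a["sources"].update(s for _, s in q)
    return alerts

def constructed_capture():
    """Constructed sample traffic (documentation-range addresses, not real hosts)."""
    # Ordinary connectivity check: one ping per second, each answered.
    pkts = [(i * 1000, "192.0.2.10", "198.51.100.5", 8) for i in range(5)]
    pkts += [(i * 1000 + 20, "198.51.100.5", "192.0.2.10", 0) for i in range(5)]
    # Flood: 500 echo requests to one host within half a second.
    pkts += [(10_000 + i, "203.0.113.7", "198.51.100.20", 8) for i in range(500)]
    return sorted(pkts)

if __name__ == "__main__":
    for dst, a in detect_ping_flood(constructed_capture()).items():
        print(dst, a["first_alert_ms"], a["peak"], sorted(a["sources"]))
```

The ordinary once-per-second pings never come near the threshold, so only the flooded host is reported.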
Cybercrime: Phishing (Fishing) And Social Engineering
Moving on, ping attacks are just one method of computer incident that cybercriminals use to attack or steal/acquire information from targets online. The two other computer incidents I elected to cover for this assignment are phishing (fishing) and social engineering. I was already pretty well versed in what phishing was as it has been on the rise in recent years. Many employers, including my own, have been proactive about warning their employees about the dangers of phishing emails.
According to research, “Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, bank accounts, credit card details, and passwords.” (What Is Phishing?, n.d.) Social engineering can be defined as methods employed by hackers to gain the trust of an end user so that the hacker can obtain information that can be used to access data or systems. (What Is Social Engineering? The Human Element in the Technology Scam, n.d.)
Image courtesy of Mike Chu of Data Overhaulers
When Cybercriminals Attack
In researching, I discovered that there is not much difference between phishing and social engineering. Instead, social engineering is a general umbrella term that is used to describe types of attacks cybercriminals use to access your computer or steal your information, and phishing is a type of social engineering attack. For phishing to be successful, the attacker has to convince their target that they are a trusted representative for an institution or business. In doing so, the attacker will try to trick their target into clicking on the malicious email or text links that would corrupt their computer with malware or send them to an illegitimate website designed to impersonate a legitimate website. The malware attack will infect a user’s system and may render their computer unusable or susceptible to data breaches.
Regarding phony websites, the attacker tricks their target into inputting personal information that the attacker would then use for their nefarious purposes. Also, as a type of social engineering, attackers can acquire phone number information for individuals they want to target. They will call you on the phone while impersonating an institution representative to trick you into giving them personal information. Sometimes they want you to confirm your username and password for websites you access, or they may want to confirm your payment information. They may even offer you a free trip or assistance of some type that requires over-the-phone payment to secure their services.
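A mail filter or a cautious reader can test for the impersonating links described above. The sketch below is an added example, not part of the original post: it flags links whose visible text names one site while the link leads to another, and links whose host is a near-miss spelling of a trusted domain. The trusted list, the 0.8 similarity cut-off and the sample message are all constructed assumptions.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"examplebank.com"}  # hypothetical list of domains the reader really uses

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # lower-cased host of a URL or bare domain, minus 'www.'
    host = urlparse(url if "://" in url else "//" + url).hostname or ""
    return host[4:] if host.startswith("www.") else host

def review_links(html, trusted=TRUSTED, similarity=0.8):
    """Return [(href, [reasons])] for links that deserve a second look."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host, reasons = host_of(href), []
        if any(host == t or host.endswith("." + t) for t in trusted):
            continue  # genuinely on a trusted domain
        if "." in text and " " not in text and host_of(text) != host:
            reasons.append("text-host-mismatch")  # text names one site, link goes to another
        for t in sorted(trusted):
            if SequenceMatcher(None, host, t).ratio() >= similarity:
                reasons.append("lookalike:" + t)  # near-miss spelling of a trusted domain
        if reasons:
            findings.append((href, reasons))
    return findings

CONSTRUCTED_EMAIL = """<p>Your account is locked:
<a href="http://examp1ebank.com/login">https://www.examplebank.com/login</a></p>
<p><a href="https://www.examplebank.com/help">Help</a>
<a href="https://news.example.org/a">Read more</a></p>"""

if __name__ == "__main__":
    print(review_links(CONSTRUCTED_EMAIL))
```

Only the first link is reported: it displays the bank's address but points at a host that swaps the letter "l" for the digit "1".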
The Outcome and How to Combat Cybercriminals
If an attacker is successful at tricking their target into believing they are a legit representative, it opens the door for them to acquire personal information such as passwords and bank account or card number information. That said, there are ways to prevent these reprehensible individuals from gaining access to your computer, accounts, and other affairs. According to CompTIA.org (n.d.), you should:
- Research any suspicious calls, emails, or texts.
- Open attachments only from trusted sources.
- Immediately delete any emails or texts asking for passwords or personally identifiable information (PII), such as social security numbers or financial information.
- Don’t open any emails promising prizes or notifications of winnings.
- Download software only from approved sources.
- Be wary of urgent requests or solicitations for help.
- Make sure you have spam filters and antivirus software on your device.
- When in doubt, contact IT to confirm any technology-related requests.
References:
- Ping flood (ICMP flood). (n.d.). Imperva. https://www.imperva.com/learn/ddos/ping-icmp-flood/
- What Is Phishing? (n.d.). Phishing. https://www.phishing.org/what-is-phishing
- What Is Social Engineering? The Human Element in the Technology Scam. (n.d.). CompTIA. https://www.comptia.org/content/articles/what-is-social-engineering