The ways of defense against hacking attacks – royalcode.eu

The ways of defense against hacking attacks

Who is most often hacked

Every day, millions of attempted hacker attacks are documented. Many of them are successful because those responsible for the attack know the weaknesses of the software, mainly used by the advantage of free access.

There is data available that in 2018 35% of websites were based on WordPress engine, which is free. However, 98% of WordPress vulnerabilities are installed plugins whose security is most often not tested.

It is well known that Windows usually cannot cope with virus-infected software, while Linux distributions are almost nonexistent. This is because, although Linux and freeBSD are free, it is most often used by programmers or users from poorer countries whose citizens cannot afford a Windows license, or even more so Apple products.

The clear conclusion is that since Windows is the most common system, it will be the most vulnerable system. Among Windows users, the obvious goal will be corporations using outdated solutions – e.g. Poczta Polska, which sometimes uses Windows XP in its branches in 2020. I personally found out about this fact during my visit to the post office: to my question about the operating system used by the mail, I was just shown a monitor whose screen showed me the well-known start bar and the default Windows XP wallpaper.

Hacker attacks and the operating system

FreeBSD, Linux and mac OS users are more secure at the start, because they don’t use the most common solution. Windows users are in a completely different situation.

The application installation files contain a lot of hidden fields for consent to download additional software. Many users do not even know that they have installed Avast Antivirus, which itself behaves like a virus: it collects information, user and activity data, and when removed from the computer returns when installing another software.

I have learned about the effectiveness of native system defense, which is Windows Defender, and I stick to it. The best form of anti-virus is to refrain from installing unpopular, unproven and often unnecessary software, as well as from a dubious source (e.g. torrents or pages with translated content).

One should always remember that antivirus is first and foremost only a sense of security, which gives the color of green and a bird confirming the success of scanning without detecting malware. The anti-virus company, however, will never get enriched by securing computers as much as by the anonymous offer encouraging to ignore the new virus in the system.

An obvious precautionary measure for exploiting system errors is to use the latest version, i.e. updating as often as possible. This applies to both the system and its software.

Hacker attacks and email: attachments and phishing

Email messages may contain attachments whose name and extension appear to be a picture, but after downloading it turns out to be broken. It actually works, but the user is unaware that malicious software has started running in the background.

A common method of attack via e-mail is also phishing , i.e. encouraging you to click on the address whose domain pretends to be the name of the bank (e.g. mojbank.pl – rnojbank.pl) or social media. A similar graphic design gives a deceptive feeling of staying on the expected site, but the current one is used to fool login details, personal data or money.

In the case of e-mail, you should be aware of the risks and refrain from downloading attachments and clicking links when you do not know the correspondent. There is no other defense. Sometimes you will notice in the footer of the message that Avast anti-virus confirms its security. In this situation, however, a light should come on in your head that the correspondence has no security guarantee, but the sender of the message probably trusts Avast too much or has been the victim of an insidious installation file.

Other types of hacker attacks and how to defend against them

Anyone can be a hacker, and you don’t have to hack into a NATO or Pentagon server to be able to define yourself as such. A hacker attack can be committed by an elementary school student who has read or watched a video about a WordPress security hole and uses a bug to generate a new post on someone else’s blog.

Defense against Phishing attack

Phishing has already been described above, but it also occurs in the form of SMS, social media messages and any form that encourages online activity. Often, as an argument, he uses false information about a certain amount to pay.

Defense against Keyloggers

Keylogger is a simple program that tracks the content you enter. Each entered character is recorded in a file that will be sent to it on the occasion determined by the torturer. It is difficult to talk about the detection of a keylogger, therefore a reasonable counteraction will be to use a password manager, thanks to which you do not have to enter access data and thus hinder their extraction by a malicious program.

Defense against Brute Force attack

Brute Force is the name of the attack of instant login attempts with every possible configuration of password characters. Thanks to increasingly better processors, this technique can work faster, but it may take several years to crack a password of several characters with a structure of different types of characters, so it is recommended to use simple but long passwords rather than short and complicated ones.
It is possible to attack bruteforce with a dictionary of popular passwords, so it is recommended to change your passwords often. If a person uses the same password on several popular portals for one quarter, it is already certain that the password is in the hacker community database, ready for use in an attack. Troy Hunt has created a page where you can check if there is information about a password leak for associated accounts based on your email address.

Summary

There is no program that will provide security for the user. He must know that he cannot do dangerous things with impunity. The only right defense against hacker attacks is to raise awareness of system weakness and keep your guard down by using good practices to avoid falling victim to phishing or information. The motivation for attacks is always money and you have to understand it. If the rules of safe use of the computer and the Internet are not convinced by someone the possibility of stealing personal data, perhaps they do not yet know that with their help the torturer will be able to take a loan that will repay the victim, or be blackmailed with e-mail and photos. Then, however, it will be too late for preventive action.