From identity theft to financial disruption, black hat
hackers seem to be constantly wreaking havoc, regardless of who is affected. To
combat these malicious attackers, we have white-hat hackers who, using the same
skills as a hostile hacker, find vulnerabilities in a system, so that those
vulnerabilities can be patched. These white hat hackers are popularly known as—
Ethical Hackers!
Through the ages technology is constantly evolving, creating
space for developments, both good and bad. For an ethical hacker to truly
combat a malicious hacker, they must have access, and more importantly, must
understand the latest tools and techniques in the hacking world.
Skills That a
White-Hat Hacker Needs to Even the Field
1. IoT Hacking
The adoption of Internet of Things (IoT) technology has
raised many security queries over the years and has initiated a numerous amount
of new cybersecurity threats. While the Mirai Botnet is the most memorable
IoT-based cyber-attack, so far, there have been many more IoT-based cyber-attacks
happening around us:
There was a clear case of data exfiltration in an unnamed
North American casino where hackers managed to transfer data to a device in
Finland, through an internet-connected thermometer from an aquarium in the
lobby.
A study of the sudden spike in activity of an architectural
firm lead to the observation that the drawing pads used by the designers of the
company, were being hacked. This denial-of-service attack ensued as the default
login credentials of these devices were left unchanged. The hacker identified
this vulnerability and exploited the devices, distributing data to websites all
around the world.
In 2015, a team of researchers managed to hack and take
control of a Jeep SUV using various entry points. The first infiltration was
through the car’s Wi-Fi where they finally took control of the head unit’s
system. They then further researched and found that the vehicle could also be
infiltrated through its CAN bus to control the steering wheel, brakes,
windshield wipers, door locks, engine, and much more, all over the Sprint
cellular network.[3]
With the number of IoT connected devices to increase from
10.3 billion in 2014 to 29.5 billion in 2020[4], it is essential that
cybersecurity professionals contain the right skill-set to fight IoT hackers.
2. Vulnerability
Assessment
Vulnerability assessments scan networks for vulnerabilities
and security flaws in an organization’s infrastructure. These identified
loopholes are then used by attackers to further exploit the network.
At the same time, vulnerability assessments are conducted to
strengthen one’s security from internal and external cyber attackers. Through
an assessment, an organization can gauge the requirement for updated anti-virus
software and firewalls, check configurations, troubleshoot hardware with
default configurations, and much more.
3. Cloud Computing
The implementation of cloud computing in many organizations
has issued unmatched benefits, bringing each organization a step closer to
digital transformation. However, this could also mean that huge amounts of data
are left unprotected.
The cloud is what many hackers consider to be a supply of
unlimited treasures as thousands of passwords, bank account details, and social
security numbers are stored on it. Many major data breaches have been
implemented due to security flaws in the cloud, such as the Dropbox hack which
led to the leak of over 68 million user passwords and IDs, or worse, the Yahoo
hack that affected 3 billion Yahoo users. In fact, the number of attacks on
cloud-based accounts has increased by 300%, according to Microsoft’s Security
and Intelligence report.
4. Artificial
Intelligence and Machine Learning
Artificial intelligence is often viewed as a double-edged
sword, used by criminals and white-hat hackers alike. Increased advancements in
technology, such as self-driven cars, language translators, and big data, often
equals increased cyber-threats such as social engineering, ransomware,
phishing, botnets, etc.
Using artificial intelligence and machine learning to
identify vulnerabilities and security flaws is a faster solution to defending
systems against various cyber-attacks that a normal anti-virus scan cannot
normally detect.
Both artificial intelligence and machine learning are now
being used by many industries to detect cyber-threats from large amounts of
data, collected by organizations.
5. RansomwareEthical
Hacking
Ransomware has been on the scene for over a decade but does
not seem to be showing any signs of slowing down, in fact, it is quite the
opposite. With 39% of malware attacks in 2017 being ransomware and a 253% rise
in mobile ransomware attacks it is becoming quite obvious that unless drastic
measures are taken, this epiderm is not going to die down.
Cyber criminals have found some creative ways to spread
ransomware attacks using phishing techniques, existing botnets, and “free
software”. The invention of cryptocurrency has only made it easier for
malicious attackers to cover their tracks.
6. IoT Botnets
A botnet is a collection of internet-connected devices,
whether it is PCs or mobiles. These devices can be accessed remotely and is set
up to transmit malware to other computers on the internet. However, the
Internet of Things does not comprise of solely computer systems but includes
household appliances, automobiles, hospital equipment, and smart home devices.
Mirai botnet, a malware that turns networked devices into
remotely controlled bots was the largest DDoS attack launched using an IoT
botnet. The botnet was first found in 2016, targeting online devices such as IP
cameras and home routers. This attack targeted huge portions of the internet,
including Twitter, the Guardian, Netflix, Reddit, and CNN.
7. Android Malware
Android malware has increased from half a million in 2013 to
3.5 million in 2017. Over the last few years, the main threat to Android users
has been rooting malware, exploiting system vulnerabilities to the extent where
the malware was able to reset the device’s factory setting so that the device
is unable to get rid of the malware.
Other android malware attacks include phishing attacks where
a Trojan overlays the application’s interface to collect card details on hotel,
taxi, and ticket booking apps; new WAP Trojans were discovered where the
malware visited pages with WAP subscriptions, using the money from the user’s
mobile account.
8. Banking/Financial
Malware
Although ransomware is viewed as the biggest threat in the
cyberspace, the financial threat space is 2.5 times bigger than that.Banking
trojans like the Zeus (Zbot), that captured credentials through keylogging,
form grabbing, and the injection of additional HTML on legitimate banking
websites, became the foundation of many other banking trojans from Gameover
Zeus to Floki Bot.
No comments:
Post a Comment