The final installment of our 15 part series, is a variation of the Cryptojacking attacks we spoke about in Part 13. The difference is that in this case hackers use malware to gain access to existing Crypto mining computers or exchanges to piggy back off them and mine their own Cryptocurrency.
Read MoreJust like our last post on DoS attacks, the hacker tries to shut down a machine or network, with the intention of making the resource unavailable to the user(s). It involves flooding the bandwidth or resources of a targeted system or web server(s).
Read MoreOne of the most common types of attacks, the intention of a hacker is to shut down a machine or network, with the intention of making the resource unavailable to the user(s).
Example: Hackers often target websites to overwhelm them with requests, and essentially cause them to crash. Some famous examples of successful DoS attacks were Hong Kong's Occupy Central, GitHub, CloudFlare, U.S. Banks.
In Australia alone, there are roughly 200-300 DoS attacks per day, or 8-13 per hour.
Risk Mitigation: There are measures you can put in place to not only reduce your risk, but also to recover if it does happen. These include but are not exclusive to:
- Develop a DoS response Plan for when it does happen
- Securing and maintaining your network infrastructure: some firewalls have inbuilt protection to common DoS attack methods
- Buy more bandwidth: a good reason to leverage the cloud
- Understand the warning signs: having detection/monitoring software in place
- DDos-as-a-service: there are 3rd party hosted protection services available.
- Having redundancy in place
There are a number of different types of password attacks. Three such types are: brute force, dictionary, and keylogger. Brute force and dictionary are similar, in that they both involve a script and a password list to attempt to authenticate against a site or service. Keylogger is usually a trojan installed on an unsuspecting computer logging keystrokes in order to gain access.
Example: On top of randomly created lists, actual password lists from breached sites are a sought after prize for hackers. In some cases, the breaches result in stolen email and password combinations, but sometimes it's just passwords on their own that are stolen. Either way, it's the most poignant reason not to use the same password across multiple sites.
Risk Mitigation: A password manager is the best way to generate and store your passwords. If you insist on creating your own, examples of strong passwords would be four random words, or a longer sentence that means something to you. If you want to check whether your email(s) or your password(s) have been involved in a breach, there is a site you can check.
Some recommended password managers are:
Your website was custom built using a template that is no longer supported. Because the custom template is no longer supported, you no longer have the ability to update all the plugins on the website, leaving it vulnerable to attacks.
Learn how to protect yourself from XSS Attacks.
Read More
