Breach passwords, in another term called data breaches are occurring daily, not only users itself but small and mid-sized businesses too, constantly increasing each day targeted by cyber criminals which is hackers trying to exploit the brand for specific purposes. Tracking and eliminating the risk causes may prevent hackers from retrieving secured data and to ensure that organizations will not fall into hacking attempt. Most of the data breaches occur due to having poor passwords that is easily cracked and the same password is reused.
Types of risk factors:
Brute Force Attack
Figure 1. Tools for brute force attack
Figure 2.Brute force attack on WordPress site
Brute force attack comprises repeating successful attempts of different password combinations in cyber-crimes, by using trial and error until the correct password is found. It is a tedious and simplest process for hackers that are equipped with basic programming skills. Hence, extra layers of security protection are usually added to prevent password breaching attempt. Often, the motive would be to acquire valuable data or to shut the site down. To prevent such attacks from taking place, safety measures like longer password length to be set as a requirement for websites and platforms to enforce users to create a password of certain length(8 or more characters). To create a complex password, and not something like NRIC number “S1234567B” or birth date “03021996” , instead , the password should be made up of UPPERCASE and lowercase alphabets with a mix of numbers and symbols, this may delay the cracking process. Limit the login attempts on the website, receiving just three failed attempts if all three failed user IP will be banned for a period before user can retry entering the password. Installing Captcha are common nowadays, it’s seen almost on every website these days, to stop or prevent bots from using automated scripts mostly used in brute force attack. And two factor authentications should be implemented by the host to safeguard users account; the chances of successfully executing attacks on websites with 2FA implemented are very thin. The optimal method to practice will be changing password regularly, don’t share important information through insecure networks.
Figure 3. Keylogger Software
Keylogger refers to unauthorized access into systems and sensitive data that threatens its security. It involves a program being installed on the target’s computer, easily keeping track of all the keystrokes that is entered, records what the target’s does on a device to capture their passwords and other sensitive information, after which the hacker have to find ways to access the target’s computer to retrieve the information or read the log file through a third party that is typically unknown, remote and malicious. A keylogger can take anything that’s programmed to monitor, so whatever typed on the keyboard regardless it’s online or offline, keylogger virus knows it all. During the times when your anti-virus application out-dated or turned off or worst not even installed, it’s impossible for the tool to defend against new keylogger programs; they will bypass through the AV software without any issues and no alerts will be shown to notice you. Preventive measures such as updating of antivirus software should be used to avoid keyloggers being attached when downloading programs, your anti-spyware and anti-virus software are your first line of defence and remember to enable the firewall, it’s able to prevent information being transmitted to a third party, firewalls are designed so to prevent external access to your computer. Another method will be installing anti-keyloggers, to detect keystroke software and removing it for you.
Figure 4. Shoulder surfing
Shoulder surfing is a type of data theft where criminals steal personal information by observing victims while they are using devices such as entering pin number at the ATMs, computer, mobile phone and several other electronics, waiting for them to expose their personal data or login information without realizing that someone is watching, allowing them to use it later to access your accounts impersonating you, cash withdrawal or worst take out credit using your name. Shoulder surfing is possible to happen at any place any time, as long as keypad and touchscreens is visible, shoulder surfers are good at stealthy observation, or they may be keen listeners overhearing while someone says an account number or personal data aloud into the mobile phone. Safety measures to keep yourself safe from shoulder surfing don’t say it out loud, always write your personal info or account number on a paper and give it to the recipient and ask them to shred it right after they are done with it. When entering personal info, go to a corner or area where your back is facing against a wall or you can use your hand to cover the side of the phone while entering data, always be aware of your surroundings checking whether anyone eyes are glued to your screen, and consider changing your mobile screen protector to those privacy screen protectors.
Figure 5. Definition of malware
Malware also known as “malicious software” is one of the biggest threats to computer users on the Internet today. It can infiltrate your web browser, redirect your web search, spam pop-up ads, track websites you visit and steal sensitive data. Malware viruses can spread uncontrollably and do damage to the computer like disabling computer systems, deleting data and alter files without you knowing. Even if you uninstall or delete it, they can reinstall themselves. Safety measures to practice will be installing an anti-malware software for scanning threats, enabling your firewall, have regular updates and security scans.
Types of malware
Viruses : a software program capable of reproducing itself and usually capable of causing great harm to files or other programs on the same computer; a true virus cannot spread to another computer without human assistance.
Spyware : is software that enables a user to obtain covert information about another’s computer activities by transmitting data covertly from their hard drive.
Adware – software that automatically displays or downloads advertising material (often unwanted) when a user is online.
Worms : a worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it.
A Trojan : a Trojan horse is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as ruining the file allocation table on your hard disk.
Figure 5. What’s a botnet?
Baratz, A. (2004, November 12). Malware: What it is and how to prevent it. Retrieved December 3, 2018, from https://arstechnica.com/information-technology/2004/11/malware/
Defending Against Keyloggers. (n.d.). Retrieved December 2, 2018, from https://documentation.logmein.com/webhelp/EN/SecDoc/LogMeIn/c_common_Security_keylogger.html
Katz, E. (2018, February 21). Data Breaches and Weak Passwords: A Love Story. Retrieved December 2, 2018, from https://blog.dashlane.com/data-breaches-weak-passwords/
Landesman, M. (2018, December 12). Keyloggers Are Computer Viruses – Be Aware. Retrieved December 2, 2018, from https://www.lifewire.com/what-is-a-keylogger-trojan-153623
Malware definition – What is it and how to remove it. (n.d.). Retrieved December 3, 2018, from https://www.malwarebytes.com/malware/
Neil, D. (2018, July 05). Malware. Retrieved December 3, 2018, from https://www.veracode.com/security/malware
McAfee. (2017, October 19). What is Shoulder Surfing? Retrieved December 2, 2018, from https://securingtomorrow.mcafee.com/consumer/identity-protection/what-is-shoulder-surfing/
Jim A. (2018, April 30). What Is Shoulder Surfing? Retrieved December 2, 2018, from https://www.experian.com/blogs/ask-experian/what-is-shoulder-surfing/
Rehman, I. U. (2018, March 22). What Is A Brute Force Attack? Retrieved December 02, 2018, from https://www.cloudways.com/blog/what-is-brute-force-attack/